You are here

Home › Use after free vulnerability in Linux kernel keychain management

Use after free vulnerability in Linux kernel keychain management

Submitted on 20. January 2016 - 16:37 by rischi.
Last update on 21. January 2016 - 13:04.
IDs: 
CVE-2016-0728
Keywords: 
keychain, use-after-free
Description: 

Linux version 3.8 or above is affected by a reference leak vulnerability in the keyring facility. A local attacker can escalate privileges from local to root via a use-after-free-attack [1].

Airlock WAF is not affected because the Linux kernel in CentOS 6 is not affected [2].

Resolution: 

no action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock
Reference: 
[1] ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)
[2] Red Hat: Use after free vulnerability in Linux kernel keychain management (CVE-2016-0728)
© Ergon Informatik AG