CVE-2016-2053

MEDIUM

Linux kernel <4.3 - DoS

Title source: llm

Description

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

References (28)

[Vendor Advisory] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

... and 8 more

Scores

CVSS v3 4.7

EPSS 0.0009

EPSS Percentile 26.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-310

Status draft

Affected Products (1)

linux/linux_kernel < 4.3

Timeline

Published May 02, 2016

Tracked Since Feb 18, 2026