CVE-2016-4470

MEDIUM

Oracle VM Server < 4.6.3 - Denial of Service

Description

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 16.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

Status draft

Affected Products (17)

oracle/vm_server
oracle/vm_server
oracle/linux
oracle/linux
oracle/linux
linux/linux_kernel < 4.6.3
novell/suse_linux_enterprise_real_time_extension
redhat/enterprise_linux
redhat/enterprise_linux_desktop
redhat/enterprise_linux_for_real_time
redhat/enterprise_linux_hpc_node
redhat/enterprise_linux_hpc_node_eus
redhat/enterprise_linux_server
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_eus
... and 2 more

Timeline

Published Jun 27, 2016
Tracked Since Feb 18, 2026