Lucene search

Veracode Vulnerability DatabaseVERACODE:12050

HistoryJan 15, 2019 - 9:11 a.m.

Privilege Escalation

2019-01-1509:11:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

10.1%

JSON

kernel-rt is vulnerable to privilege escalation attacks. The vulnerability exists as an integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.

CPENameOperatorVersion
kernel-rteq3.0.36__rt57.66.el6rt
kernel-rteq3.10.0__229.rt56.162.el6rt
kernel-rteq3.10.0__229.rt56.153.el6rt
kernel-rteq3.0.9__rt26.46.el6rt
kernel-rteq3.8.13__rt14.20.el6rt
kernel-rteq3.0.9__rt26.45.el6rt
kernel-rteq3.10.0__229.rt56.158.el6rt
kernel-rteq3.10.0__327.rt56.176.el6rt
kernel-rteq3.6.11__rt28.20.el6rt
kernel-rteq3.0.30__rt50.62.el6rt

Name	Operator	Version
kernel-rt	eq	3.0.36__rt57.66.el6rt
kernel-rt	eq	3.10.0__229.rt56.162.el6rt
kernel-rt	eq	3.10.0__229.rt56.153.el6rt
kernel-rt	eq	3.0.9__rt26.46.el6rt
kernel-rt	eq	3.8.13__rt14.20.el6rt
kernel-rt	eq	3.0.9__rt26.45.el6rt
kernel-rt	eq	3.10.0__229.rt56.158.el6rt
kernel-rt	eq	3.10.0__327.rt56.176.el6rt
kernel-rt	eq	3.6.11__rt28.20.el6rt
kernel-rt	eq	3.0.30__rt50.62.el6rt

Rows per page:

1-10 of 641

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa

lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html

rhn.redhat.com/errata/RHSA-2016-1033.html

rhn.redhat.com/errata/RHSA-2016-1051.html

rhn.redhat.com/errata/RHSA-2016-1055.html

source.android.com/security/bulletin/2016-10-01.html

www.openwall.com/lists/oss-security/2016/05/12/9

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/90626

www.ubuntu.com/usn/USN-2979-4

access.redhat.com/errata/RHSA-2016:1033

access.redhat.com/errata/RHSA-2016:1051

access.redhat.com/errata/RHSA-2016:1055

access.redhat.com/security/cve/CVE-2016-0758

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1300257

bugzilla.redhat.com/show_bug.cgi?id=1320168

github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa

h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555