Main
Vulnerability Database
Exploits
ID:8641 - Exploit for Use-after-free error in Linux kernel - CVE-2016-0728
ID:8641 - Exploit for Use-after-free error in Linux kernel - CVE-2016-0728
Published: December 4, 2022
Vulnerability identifier: #VU2513
Vulnerability risk: Medium
CVE-ID: CVE-2016-0728
CWE-ID: CWE-119
Exploitation vector: Local access
Vulnerable software:
Linux kernel
Linux kernel
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to use-after-free error in the join_session_keyring() function in security/keys/process_keys.c when handling keyring object reference counting by Linux kernel's key management subsystem. A local attacker can overflow the usage field via a specially crafted object and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The weakness exists due to use-after-free error in the join_session_keyring() function in security/keys/process_keys.c when handling keyring object reference counting by Linux kernel's key management subsystem. A local attacker can overflow the usage field via a specially crafted object and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Remediation
Update to version 4.4.1.