The joinsessionkeyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
{ "vanir_signatures": [ { "digest": { "length": 1147.0, "function_hash": "52297195508143344721828551464331180897" }, "signature_type": "Function", "id": "CVE-2016-0728-02de092a", "signature_version": "v1", "target": { "function": "join_session_keyring", "file": "security/keys/process_keys.c" }, "source": "https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2", "deprecated": false }, { "digest": { "line_hashes": [ "145220142616808449235994104942965173714", "142974499796242221412180661914375219616", "21155213230854065544807520115443495632", "55454705393793865290952718769312024214" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2016-0728-60dec91f", "signature_version": "v1", "target": { "file": "security/keys/process_keys.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@23567fd052a9abb6d67fe8e7a9ccdd9800a540f2", "deprecated": false }, { "digest": { "length": 1147.0, "function_hash": "52297195508143344721828551464331180897" }, "signature_type": "Function", "id": "CVE-2016-0728-d1befe5b", "signature_version": "v1", "target": { "function": "join_session_keyring", "file": "security/keys/process_keys.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@23567fd052a9abb6d67fe8e7a9ccdd9800a540f2", "deprecated": false }, { "digest": { "line_hashes": [ "145220142616808449235994104942965173714", "142974499796242221412180661914375219616", "21155213230854065544807520115443495632", "55454705393793865290952718769312024214" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2016-0728-f8d71773", "signature_version": "v1", "target": { "file": "security/keys/process_keys.c" }, "source": "https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2", "deprecated": false } ] }