Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "4.4.0-1010.13", "binary_name": "linux-headers-4.4.0-1010-raspi2" }, { "binary_version": "4.4.0-1010.13", "binary_name": "linux-image-4.4.0-1010-raspi2" }, { "binary_version": "4.4.0-1010.13", "binary_name": "linux-image-4.4.0-1010-raspi2-dbgsym" }, { "binary_version": "4.4.0-1010.13", "binary_name": "linux-raspi2-headers-4.4.0-1010" }, { "binary_version": "4.4.0-1010.13", "binary_name": "linux-raspi2-tools-4.4.0-1010" }, { "binary_version": "4.4.0-1010.13", "binary_name": "linux-raspi2-tools-4.4.0-1010-dbgsym" }, { "binary_version": "4.4.0-1010.13", "binary_name": "linux-tools-4.4.0-1010-raspi2" } ] }