Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash).
{ "availability": "No subscription required", "binaries": [ { "binary_name": "linux-headers-4.4.0-1035-snapdragon", "binary_version": "4.4.0-1035.39" }, { "binary_name": "linux-image-4.4.0-1035-snapdragon", "binary_version": "4.4.0-1035.39" }, { "binary_name": "linux-image-4.4.0-1035-snapdragon-dbgsym", "binary_version": "4.4.0-1035.39" }, { "binary_name": "linux-snapdragon-headers-4.4.0-1035", "binary_version": "4.4.0-1035.39" }, { "binary_name": "linux-snapdragon-tools-4.4.0-1035", "binary_version": "4.4.0-1035.39" }, { "binary_name": "linux-snapdragon-tools-4.4.0-1035-dbgsym", "binary_version": "4.4.0-1035.39" }, { "binary_name": "linux-tools-4.4.0-1035-snapdragon", "binary_version": "4.4.0-1035.39" } ] }