CVE-2016-2053 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-2053 PUBLISHED

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

EPSS 0.09% · 26.1th percentile

Risk Scores

EPSS Score

0.09%

26.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	linux-lts-utopic	0, 3.16.0-25.33~14.04.2, 3.16.0-26.35~14.04.1
Ubuntu:14.04:LTS	linux	3.13.0-29.53, 0, 3.13.0-30.55
Ubuntu:14.04:LTS	linux-lts-vivid	0, 3.19.0-18.18~14.04.1, 3.19.0-20.20~14.04.1
Ubuntu:14.04:LTS	linux-lts-wily	0, 4.2.0-18.22~14.04.1, 4.2.0-19.23~14.04.1

Timeline

May 2, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-2053 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1300237 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-2053 third-party-advisory

Open in Interactive Console →