CVE-2016-9604 — Vulnetix

CVE-2016-9604 PUBLISHED

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

EPSS 0.02% · 5.1th percentile

Risk Scores

EPSS Score

0.02%

5.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	linux-riscv	5.4.0-28.32, 5.4.0-34.38, 5.4.0-33.37
Ubuntu:24.04:LTS	linux-hwe-6.11	*, 0, 6.11.0-25.25~24.04.1
Ubuntu:18.04:LTS	linux-hwe	5.0.0-31.33~18.04.1, ,
Ubuntu:24.04:LTS	linux-azure-6.11	6.11.0-1015.15~24.04.1, 6.11.0-1017.17~24.04.1, 6.11.0-1013.13~24.04.1
Ubuntu:20.04:LTS	linux-gke	5.4.0-1059.62, 5.4.0-1057.60, 5.4.0-1055.58
Ubuntu:18.04:LTS	linux-gcp	4.15.0-1009.9, 4.15.0-1008.8, 4.15.0-1021.22
Ubuntu:Pro:20.04:LTS	linux-azure-fde-5.15	5.15.0-1073.82~20.04.1.1, 5.15.0-1088.97~20.04.1.1, 5.15.0-1089.98~20.04.1.1
Ubuntu:20.04:LTS	linux-azure-fde	5.4.0-1068.71+cvm1.1, 5.4.0-1100.106+cvm1.1, 5.4.0-1098.104+cvm1.1
Ubuntu:20.04:LTS	linux-raspi2	5.3.0-1017.19, 0, 5.4.0-1006.6
Ubuntu:16.04:LTS	linux-snapdragon	4.4.0-1048.52, 4.4.0-1013.14, 4.4.0-1012.12
Ubuntu:16.04:LTS	linux-hwe	*, 4.10.0-28.32~16.04.2, 4.10.0-27.30~16.04.2
Ubuntu:24.04:LTS	linux-gcp-6.11	0, 6.11.0-1006.6~24.04.2, 6.11.0-1011.11~24.04.1
Ubuntu:16.04:LTS	linux	4.2.0-19.23, 4.3.0-1.10, 4.4.0-71.92
Ubuntu:16.04:LTS	linux-gke	4.4.0-1006.6, 4.4.0-1008.8, 0
Ubuntu:22.04:LTS	linux-realtime	5.15.0-1032.35, 0
Ubuntu:22.04:LTS	linux-riscv	5.15.0-1008.8, 5.15.0-1027.31, 5.15.0-1020.23
Ubuntu:24.04:LTS	linux-lowlatency-hwe-6.11	6.11.0-1016.17~24.04.1, 6.11.0-1015.16~24.04.2, 6.11.0-1014.15~24.04.1
Ubuntu:14.04:LTS	linux	3.13.0-35.62, 3.12.0-1.3, 3.13.0-93.140
Ubuntu:24.04:LTS	linux-raspi-realtime	0, 6.8.0-2019.20
Ubuntu:14.04:LTS	linux-lts-xenial	*, 4.4.0-59.80~14.04.1, 4.4.0-62.83~14.04.1

…and 6 more

Exploit Intelligence

Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Motorola Untethered Jailbreak: Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Motorola Untethered Jailbreak: Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Motorola Untethered Jailbreak: Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Motorola Untethered Jailbreak: Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)
Motorola Untethered Jailbreak: Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass (github-poc)

Timeline

Dec 31, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-9604 third-party-advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f third-party-advisory
https://ubuntu.com/security/notices/USN-3314-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3312-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3312-2 vendor-advisory
https://ubuntu.com/security/notices/USN-3361-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3422-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3422-2 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-9604 third-party-advisory

Open in Interactive Console →