Vulnerability Description
A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 4.7.3 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=163ae1 (Patch, Vendor Advisory)
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.4 (Release Notes, Vendor Advisory)
- http://www.securityfocus.com/bid/97404 (Third Party Advisory, VDB Entry)
- https://github.com/torvalds/linux/commit/163ae1c6ad6299b19e22b4a35d5ab24a89791a9 (Patch, Third Party Advisory)
FAQ
What is CVE-2016-10318?
CVE-2016-10318 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign a...
How severe is CVE-2016-10318?
CVE-2016-10318 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-10318?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.