The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
3.13.0-93.1403.19.0-66.74~14.04.14.4.0-34.53~14.04.14.4.0-34.534.4.0-1019.254.4.0-1022.25Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H