oss-sec mailing list archives
CVE-2017-15299: Linux kernel: incorrect update of uninstantiated keys can crash a kernel
From: Vladis Dronov <vdronov () redhat com>
Date: Mon, 16 Oct 2017 05:09:05 -0400 (EDT)
Hello,
[Suggested description]
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of the add_key() for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and a system crash) or possibly have unspecified other impact via a crafted system call.

------------------------------------------

[VulnerabilityType Other]
CWE-476 NULL Pointer Dereference

------------------------------------------

[Vendor of Product]
kernel.org: Linux kernel

------------------------------------------

[Affected Product Code Base]
Linux kernel - up to v4.14

------------------------------------------

[Affected Component]
'security/keys/keyring.c', 'security/keys/key.c' files, find_key_to_update(), key_create_or_update() functions

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
to exploit a vulnerability an attacker should run a certain binary as an unprivileged user

------------------------------------------

[Reference]
https://bugzilla.redhat.com/show_bug.cgi?id=1498016
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html
https://marc.info/?t=150654188100001&r=1&w=2
https://marc.info/?t=150783958600011&r=1&w=2

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Eric Biggers <ebiggers () google com>

Use CVE-2017-15299.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer