oss-sec mailing list archives

Security issue in Linux Kernel Keyring (CVE-2015-1333)

From: Tyler Hicks <tyhicks () canonical com>
Date: Mon, 27 Jul 2015 09:18:55 -0500

While improving the system call coverage in stress-ng[1], Colin Ian King
discovered a bug in the Linux kernel keyring that can be used to cause a
local denial of service due to memory exhaustion when the same key is
repeatedly added to the kernel keyring via the add_key() syscall.

This issue has been assigned CVE-2015-1333.

I've attached the fix since I don't yet have an upstream git commit
hash.

Tyler

[1] http://kernel.ubuntu.com/~cking/stress-ng/

Attachment: CVE-2015-1333.patch
Description:

Attachment: signature.asc
Description: Digital signature

Current thread:

Security issue in Linux Kernel Keyring (CVE-2015-1333) Tyler Hicks (Jul 27)
- Re: Security issue in Linux Kernel Keyring (CVE-2015-1333) Tyler Hicks (Jul 28)