oss-sec mailing list archives
Security issue in Linux Kernel Keyring (CVE-2015-1333)
From: Tyler Hicks <tyhicks () canonical com>
Date: Mon, 27 Jul 2015 09:18:55 -0500
While improving the system call coverage in stress-ng[1], Colin Ian King discovered a bug in the Linux kernel keyring that can be used to cause a local denial of service due to memory exhaustion when the same key is repeatedly added to the kernel keyring via the add_key() syscall.

This issue has been assigned CVE-2015-1333. I've attached the fix since I don't yet have an upstream git commit hash.

Tyler

[1] http://kernel.ubuntu.com/~cking/stress-ng/
Attachment: CVE-2015-1333.patch