oss-sec mailing list archives

CVE-2017-7472 Linux kernel: KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

From: Vladis Dronov <vdronov () redhat com>
Date: Thu, 11 May 2017 12:21:53 -0400 (EDT)

Hello,

A vulnerability was found in the Linux kernel from v2.6.29-rc1 (since
commit d84f4f992cbd) upto v4.11-rc8 (commit c9f838d104). It was found
that keyctl_set_reqkey_keyring() function leaks thread keyring which
allows unprivileged local user to exhaust kernel memory and thus to
cause DoS.

cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cwe=CWE-400

References:

https://lkml.org/lkml/2017/4/1/235

https://lkml.org/lkml/2017/4/3/724

https://bugzilla.redhat.com/show_bug.cgi?id=1442086

https://bugzilla.novell.com/show_bug.cgi?id=1034862

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Current thread:

CVE-2017-7472 Linux kernel: KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings Vladis Dronov (May 11)
- CVE-2017-7487: Linux kernel: ipx: call ipxitf_put() in ioctl error path Vladis Dronov (May 12)