oss-sec mailing list archives

CVE-2017-12192 kernel: NULL pointer dereference due to KEYCTL_READ on negative key


From: Wade Mealing <wmealing () redhat com>
Date: Thu, 12 Oct 2017 14:47:14 +1000


Gday,

A vulnerability in the Key Management subcomponent was found in the Linux
kernel. Trying to KEYCTL_READ on a negative key would lead to a NULL pointer
dereference. A local attacker could use this flaw to crash the kernel.

It looks as though the read primitive is limited to a fixed address so this
has very limited use as an arbitrary read primitive to leverage for another
exploit.

Fixed by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678

Introduced by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61ea0c0ba904a55f55317d850c1072ff7835ac92

Wade Mealing
