oss-sec mailing list archives
CVE-2017-12192 kernel: NULL pointer dereference due to KEYCTL_READ on negative key
From: Wade Mealing <wmealing () redhat com>
Date: Thu, 12 Oct 2017 14:47:14 +1000
Gday,

A vulnerability in the Key Management subcomponent was found in the Linux kernel. Trying to KEYCTL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel.

It looks as though the read primitive is limited to a fixed address so this has very limited use as an arbitrary read primitive to leverage for another exploit.

Fixed by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678

Introduced by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61ea0c0ba904a55f55317d850c1072ff7835ac92

Wade Mealing