88 matches found
CVE-2017-15299
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of addkey for a key that already exists but is uninstantiated, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted system call...
CVE-2017-15299
CVE-2017-15299 affects the Linux kernel KEYS subsystem: adding a key that already exists but is uninstantiated can cause a NULL pointer dereference, leading to a system crash (local DoS) or other impact. The issue is documented for kernels up to at least 4.13.7; remediation is to apply the kernel...
CVE-2017-15299
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of addkey for a key that already exists but is uninstantiated, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted system call...
UBUNTU-CVE-2017-15299
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of addkey for a key that already exists but is uninstantiated, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted system call...
Linux kernel KEYS subsystem denial of service vulnerability
The Linux Kernel is the kernel of the Linux operating system. Versions of Linux kernel prior to 4.10.13 have a denial of service vulnerability in the KEYS subsystem implementation, which can be exploited by a local attacker to cause a denial of service memory exhaustion via a series of...
DEBIAN-CVE-2017-7472
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service memory consumption via a series of KEYREQKEYDEFLTHREADKEYRING keyctlsetreqkeykeyring calls...
CVE-2017-7472
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service memory consumption via a series of KEYREQKEYDEFLTHREADKEYRING keyctlsetreqkeykeyring calls...
CVE-2017-7472
CVE-2017-7472 affects the KEYS subsystem of the Linux kernel prior to version 4.10.13. A local attacker can exhaust memory by repeatedly invoking keyctl_set_reqkey_keyring on KEY_REQKEY_DEFL_THREAD_KEYRING, leading to a denial of service. The vulnerability is triggered by a sequence of calls in t...
CVE-2017-7472
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service memory consumption via a series of KEYREQKEYDEFLTHREADKEYRING keyctlsetreqkeykeyring calls...
UBUNTU-CVE-2017-7472
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service memory consumption via a series of KEYREQKEYDEFLTHREADKEYRING keyctlsetreqkeykeyring calls...
Linux kernel ULL Null Pointer Reference Elevation of Privilege Vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the U.S. KEYS is one of the subsystems that returns all keys that match a pattern. A security vulnerability exists in the KEYS subsystem in versions of Linux kernel prior to 3.18. A local attack...
DEBIAN-CVE-2017-2647
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving a NULL value for a certain match field, related to the keyringsearchiterator function in keyring.c...
CVE-2017-2647
CVE-2017-2647 affects the Linux kernel KEYS subsystem (keyring_search_iterator in keyring.c) and allows a local, authenticated user to trigger a NULL pointer dereference, enabling a crash or possible privilege escalation. The vulnerability is documented across multiple advisories; remediation is ...
CVE-2017-2647
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving a NULL value for a certain match field, related to the keyringsearchiterator function in keyring.c...
UBUNTU-CVE-2017-2647
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving a NULL value for a certain match field, related to the keyringsearchiterator function in keyring.c...
[SECURITY] [DLA 609-1] linux security update
Package : linux Version : 3.2.81-2 CVE ID : CVE-2016-3857 CVE-2016-4470 CVE-2016-5696 CVE-2016-5829 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828 CVE-2016-7118 Debian Bug : 827561 This update fixes the CVEs described below. CVE-2016-3857 Chiachih Wu reported two bugs in the ARM OABI compatibility lay...
Scientific Linux Security Update : kernel on SL7.x x86_64 (20160216)
It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. CVE-2015-7872, Important - A flaw was found in the way the Linux kernel...
Important: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Updated kernel-rt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which giv...
kernel: Keyrings crash triggerable by unprivileged user
It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system...
Code injection
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service BUG via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/userdefined.c...