kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation

A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assocarrayapplyedit due to incorrect node-splitting in assocarray...

Linux kernel lib/assoc_array.c file denial of service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'assocarrayinsertintoterminalnode' function in the lib/assocarray.c file in versions of Linux kernel prior to 4.13.11. A local...

UBUNTU-CVE-2017-12193

The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service NULL pointer dereference and panic via a crafted application, as demonstrated by the keyring key type, and key...

PT-2017-12396 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.11 Description: The issue is related to the assoc array insert into terminal node function in lib/assoc array.c, which mishandles node splitting. This allows local users to cause a denial of service,...

kernel: assoc_array: don't call compare_object() on a node

The assocarrayinsertintoterminalnode function in 'lib/assocarray.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read...