kernel: keyrings: find_keyring_by_name() can gain the freed keyring

Race condition in the findkeyringbyname function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact via keyctl session commands that trigger access to a...

CVE-2010-1437

CVE-2010-1437 is a race condition in the Linux kernel’s keyring handling (find_keyring_by_name in security/keys/keyring.c) affecting version 2.6.34-rc5 and earlier. A local user can exploit this via keyctl session commands that access a dead keyring being deleted by key_cleanup, leading to memory...