Linux Landlock Logic Bug

Linux: landlock can be disabled thanks to missing credtransfer hook; and Smack looks dodgy too I found a logic bug that makes it possible for a process to get rid of all Landlock restrictions applied to it: When a process' cred struct is replaced, this almost always invokes the credprepare LSM...

CVE-2024-42318

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on credtransfer When a process' cred struct is replaced, this almost always invokes the credprepare LSM hook; but in one special case when KEYCTLSESSIONTOPARENT updates the parent's...

CVE-2024-42318

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on credtransfer When a process' cred struct is replaced, this almost always invokes the credprepare LSM hook; but in one special case when KEYCTLSESSIONTOPARENT updates the parent's...

kernel: watch_queue: Actually free the watch

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Actually free the watch freewatch does everything barring actually freeing the watch object. Fix this by adding the missing kfree. kmemleak produces a report something like the following. Note that as an address can b...

K94105604: Linux kernel vulnerability CVE-2015-7872

Security Advisory Description The keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service OOPS via crafted keyctl commands. CVE-2015-7872 Impact A local user may be able to cause a denial-of-service DoS attack on the system ...

K37301725: Linux kernel vulnerability CVE-2017-18270

Security Advisory Description In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. CVE-2017-18270 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

K55672042: Linux kernel vulnerability CVE-2016-4470

Security Advisory Description The keyrejectandlink function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service system crash via vectors involving a crafted keyctl request2...

SUSE CVE-2006-1522

The sysaddkey function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service OOPS via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the...

SUSE CVE-2009-0031

Memory leak in the keyctljoinsessionkeyring function security/keys/keyctl.c in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service kernel memory consumption via unknown vectors related to a "missing kfree."...

SUSE CVE-2009-3624

The getinstantiationkeyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service OOPS via vectors involving calls to this...

SUSE CVE-2013-1792

Race condition in the installuserkeyrings function in security/keys/processkeys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service NULL pointer dereference and system crash via crafted keyctl system calls that trigger keyring operations in simultaneous threads...

SUSE CVE-2014-0102

The keyringdetectcycleiterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service OOPS via crafted keyctl commands...

SUSE CVE-2014-3631

The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified othe...

SUSE CVE-2014-9529

Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...

SUSE CVE-2015-7550

The keyctlreadkey function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted application that leverag...

SUSE CVE-2015-7872

The keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service OOPS via crafted keyctl commands...

SUSE CVE-2015-8539

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service BUG via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/userdefined.c...

SUSE CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

SUSE CVE-2016-4470

The keyrejectandlink function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service system crash via vectors involving a crafted keyctl request2 command...

SUSE CVE-2017-12192

The keyctlreadkey function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service OOPS and system crash via a crafted...