Lucene search
K

181 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.5 views

SUSE CVE-2017-15274

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service NULL pointer dereference and OOPS via a crafted addkey or keyctl system call, a different...

5.5CVSS5.9AI score0.00452EPSS
Exploits0References36
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.1 views

SUSE CVE-2017-18270

In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service...

7.1CVSS7AI score0.00421EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/12/15 4:27 p.m.6 views

kernel: watch queue race condition can lead to privilege escalation

A race condition was found in the Linux kernel's watch queue due to a missing lock in the piperesizering. The race condition occurs when a thread uses ioctlIOCWATCHQUEUESETSIZE to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...

7CVSS6.7AI score0.00361EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/12/13 4:8 p.m.5 views

kernel: watch queue race condition can lead to privilege escalation

A race condition was found in the Linux kernel's watch queue due to a missing lock in the piperesizering. The race condition occurs when a thread uses ioctlIOCWATCHQUEUESETSIZE to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...

7CVSS6.7AI score0.00361EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/08/23 7:10 p.m.271 views

CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in the piperesizering. The race condition occurs when a thread uses ioctlIOCWATCHQUEUESETSIZE to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...

7CVSS1.9AI score0.00361EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/09 9:3 p.m.4 views

kernel: NULL pointer dereference due to KEYCTL_READ on negative key

A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCLREAD on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel...

5.5CVSS6.5AI score0.00453EPSS
Exploits0References5
Veracode
Veracode
added 2020/04/10 1:6 a.m.44 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service...

2.1CVSS2.3AI score0.00489EPSS
Exploits2References20Affected Software2
Veracode
Veracode
added 2020/04/10 12:30 a.m.39 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists if a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service...

4.9CVSS1.9AI score0.00408EPSS
Exploits1References23Affected Software2
RedHat Linux
RedHat Linux
added 2019/07/30 9:16 a.m.4 views

kernel: dereferencing NULL payload with nonzero length

A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...

5.5CVSS6.6AI score0.00452EPSS
Exploits0References4
Veracode
Veracode
added 2019/05/16 2:22 a.m.36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service attacks. A local, authenticated attacker could exploit the flawed Keyring Handler component and create keyrings for other users via keyctl commands...

7.1CVSS6.7AI score0.00421EPSS
Exploits0References13Affected Software2
Veracode
Veracode
added 2019/01/15 9:20 a.m.33 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists as the KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service BUG via crafted keyctl commands that negatively instantiate a key, related to...

7.8CVSS7.1AI score0.00427EPSS
Exploits0References27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/17 2:20 p.m.35 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1066 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the...

7.8CVSS1AI score0.24575EPSS
Exploits7Affected Software1
CNVD
CNVD
added 2018/05/22 12:0 a.m.1 views

Linux kernel denial of service vulnerability (CNVD-2018-09997)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions prior to 4.13.5. A local attacker can exploit this vulnerability with the help of the keyctl command to create...

7.1CVSS6.4AI score0.00421EPSS
Exploits0References1
OSV
OSV
added 2018/05/18 4:29 p.m.3 views

DEBIAN-CVE-2017-18270

In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service...

7.1CVSS7.5AI score0.00421EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/05/18 12:0 a.m.33 views

CVE-2017-18270

In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service...

7.1CVSS7AI score0.00421EPSS
Exploits0References5
OSV
OSV
added 2018/05/18 12:0 a.m.1 views

UBUNTU-CVE-2017-18270

In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service...

7.1CVSS7AI score0.00421EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/04/10 3:23 p.m.5 views

kernel: improper keyrings creation

A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, a denial of service, or possibly leak keyring information between users...

7.1CVSS7.1AI score0.00421EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/04/10 9:1 a.m.4 views

kernel: dereferencing NULL payload with nonzero length

A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...

5.5CVSS6.6AI score0.00452EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/03/06 9:41 p.m.4 views

kernel: improper keyrings creation

A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, a denial of service, or possibly leak keyring information between users...

7.1CVSS7.1AI score0.00421EPSS
Exploits0References6
NVD
NVD
added 2017/10/12 12:29 a.m.26 views

CVE-2017-15274

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service NULL pointer dereference and OOPS via a crafted addkey or keyctl system call, a different...

5.5CVSS5.3AI score0.00452EPSS
Exploits0References9
Rows per page
Query Builder