181 matches found
CVE-2017-15274
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different...
DEBIAN-CVE-2017-15274
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different...
CVE-2017-15274
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different...
Linux kernel denial of service vulnerability (CNVD-2017-30420)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. security/keys/keyctl.c in the Linux kernel does not take into account the combination of NULL payloads and...
CVE-2017-15274
CVE-2017-15274 affects the Linux kernel Key Management subsystem: security/keys/keyctl.c fails to handle a NULL payload with a nonzero length, allowing local users to trigger a NULL pointer dereference and OOPS via crafted add_key or KEYCTL calls, resulting in DoS. The issue is chained to the ke...
UBUNTU-CVE-2017-12192
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted...
UBUNTU-CVE-2017-15274
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different...
DEBIAN-CVE-2017-7472
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls...
Linux Kernel 'keyctl' Null Pointer Denial of Service Vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A null pointer denial of service vulnerability exists in Linux Kernel 'keyctl', which can be exploited by an attacker to cause a denial of service...
Linux Kernel Keyctl Null Pointer Dereference
OS-S Security Advisory 2016-21 Local DoS: Linux Kernel Nullpointer Dereference via keyctl Date: October 31th, 2016 Authors: Sergej Schumilo, Ralf Spenneberg, Hendrik Schwartke CVE: Not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Severity: Potentially critical. If the kernel is compiled with...
Linux Kernel Keyctl Null Pointer Dereference Vulnerability
A malicious interaction with the keyctl usermode interface allows an attacker to crash the kernel. Processing the attached certificate by the kernel leads to a kernel nullpointer dereference. This vulnerability can be triggered by any unprivileged user locally. Local DoS: Linux Kernel Nullpointer...
F5 Networks BIG-IP : Linux kernel vulnerability (K55672042)
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. CVE-2016-4470 C Tenable...
SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2018-1)
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2105-1)
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check fo...
CVE-2016-4470
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command...
CVE-2014-9529
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer...
VulnCheck KEV: CVE-2016-0728
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands...
CVE-2016-4470
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command...
Command injection
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command...