12 matches found
Denial Of Service (DoS)
The Linux kernel is vulnerable to denial of service attacks. A local authenticated attacker is able to exhaust kernel memory via a flaw in the keyctl_set_reqkey_keyring function, leading to denial of service conditions...
kernel: keyctl_set_reqkey_keyring() leaks thread keyrings
A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 7 : kernel-rt (RHSA-2018:0152)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0152 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Linux Kernel keyctl_set_reqkey_keyring Denial Of Service
/ Source: https://bugzilla.novell.com/showbug.cgi?id=1034862 QA REPRODUCER: gcc -O2 -o CVE-2017-7472 CVE-2017-7472.c -lkeyutils ./CVE-2017-7472 will run the kernel out of memory / include include int main for ;; keyctlsetreqkeykeyringKEYREQKEYDEFLTHREADKEYRING;...
Linux Kernel 4.10.13 - keyctl_set_reqkey_keyring Local Denial of Service
Linux Kernel 4.10.13 - keyctl_set_reqkey_keyring Local Denial of Service / Source: https://bugzilla.novell.com/showbug.cgi?id=1034862 QA REPRODUCER: gcc -O2 -o CVE-2017-7472 CVE-2017-7472.c -lkeyutils ./CVE-2017-7472 will run the kernel out of memory / include include int main for ;;...
Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
/ Source: https://bugzilla.novell.com/showbug.cgi?id=1034862 QA REPRODUCER: gcc -O2 -o CVE-2017-7472 CVE-2017-7472.c -lkeyutils ./CVE-2017-7472 will run the kernel out of memory / include include int main for ;; keyctlsetreqkeykeyringKEYREQKEYDEFLTHREADKEYRING;...
Code injection
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls...
CVE-2017-7472
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls...
Kernel security update: CVE-2017-7472; new kernel 2.6.32-042stab123.2, Virtuozzo 6.0 Update 12 Hotfix 8 (6.0.12-3765)
This update provides a new kernel 2.6.32-042stab123.2 for Virtuozzo 6.0. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides a security fix and stability bug fixes. Vulnerability id: CVE-2017-7472. It was found that the keyctl_set_reqkey_keyring function leaked...
Kernel security update: CVE-2017-7472; new kernel 2.6.32-042stab123.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new kernel 2.6.32-042stab123.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides a security fix and stability bug fixes. Vulnerability id: CVE-2017-7472. It was found...
CVE-2017-7472
A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS...