Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Jul 2015 12:26:33 -0500
From: Tyler Hicks <>
Cc: David Howells <>,
	Colin Ian King <>,
Subject: Re: Security issue in Linux Kernel Keyring

On 2015-07-27 09:18:55, Tyler Hicks wrote:
> While improving the system call coverage in stress-ng[1], Colin Ian King
> discovered a bug in the Linux kernel keyring that can be used to cause a
> local denial of service due to memory exhaustion when the same key is
> repeatedly added to the kernel keyring via the add_key() syscall.
> This issue has been assigned CVE-2015-1333.

mancha pinged me on IRC while trying to figure out what kernel versions
are affected and I realized that I forgot to include an import detail in
my original email.

The following commit introduced the issue:

  commit 034faeb9ef390d58239e1dce748143f6b35a0d9b
  Date:   Wed Oct 30 11:15:24 2013 +0000
      KEYS: Fix keyring quota misaccounting on key replacement and unlink

Which means that v3.13 and newer kernels are affected:

  $ git describe --contains 034faeb9ef390d58239e1dce748143f6b35a0d9b


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ