Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 11 May 2017 12:21:53 -0400 (EDT)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-7472 Linux kernel: KEYS: fix keyctl_set_reqkey_keyring()
 to not leak thread keyrings

Hello,

A vulnerability was found in the Linux kernel from v2.6.29-rc1 (since
commit d84f4f992cbd) upto v4.11-rc8 (commit c9f838d104). It was found
that keyctl_set_reqkey_keyring() function leaks thread keyring which
allows unprivileged local user to exhaust kernel memory and thus to
cause DoS.

cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cwe=CWE-400

References:

https://lkml.org/lkml/2017/4/1/235

https://lkml.org/lkml/2017/4/3/724

https://bugzilla.redhat.com/show_bug.cgi?id=1442086

https://bugzilla.novell.com/show_bug.cgi?id=1034862

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.