Robert Åwiäcki

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39.1 **Description** The issue is related to the key replace session keyring function in the Linux kernel, which does not initialize a certain structure member. This can be exploited by local users to cause a denial of service, resulting in a NULL pointer dereference and OOPS, or possibly have other unspecified impacts. The exploitation is possible via a KEYCTL SESSION TO PARENT argument to the keyctl function. **Recommendations** For Linux kernel versions prior to 2.6.39.1, update to version 2.6.39.1 or later to resolve the issue.