CVE-2006-1522

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.17

Description: The issue allows local users to cause a denial of service via keyctl requests that add a key to a user key instead of a keyring key, resulting in an invalid dereference in the keyring search one function. This occurs due to a problem in the sys add key function within the keyring code.

Recommendations: For Linux kernel versions prior to 2.6.17, consider restricting access to the sys add key function until a patch is available. As a temporary workaround, avoid using the keyctl requests that add a key to a user key instead of a keyring key to minimize the risk of exploitation.