PT-2013-3397 · Linux+4 · Linux Kernel+4

Mateusz Guzik

Publicado

2013-03-22

Atualizado

2023-02-13

CVE-2013-1792

CVSS v2.0

4.7

Média

Vetor

AV:L/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.8.3

Description A race condition issue exists in the install user keyrings function, allowing local users to cause a denial of service through crafted keyctl system calls. This can lead to a NULL pointer dereference and system crash when keyring operations are triggered in simultaneous threads.

Recommendations For Linux kernel versions prior to 3.8.3, update to version 3.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to keyctl system calls to minimize the risk of exploitation.

Exploit

Correção

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2013-1178

CESA-2013_0744

CVE-2013-1792

DSA-2668-1

OPENSUSE-SU-2013_1187-1

OPENSUSE-SU-2014_0204-1

RHSA-2013:0744

RHSA-2013:0829

RHSA-2013_0744

SUSE-SU-2015:0481-1

SUSE-SU-2015:0652-1

USN-1787-1

USN-1788-1

USN-1792-1

USN-1793-1

USN-1794-1

USN-1795-1

USN-1796-1

USN-1797-1

USN-1798-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2013-3397 · Linux+4 · Linux Kernel+4

CVE-2013-1792

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 41