PT-2015-4270 · Linux+5 · Linux Kernel+5

Publicado

2015-01-09

Atualizado

2024-03-14

CVE-2014-9529

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.18.2

Description A race condition in the key gc unused keys function allows local users to cause a denial of service, potentially resulting in memory corruption or panic, via keyctl commands that trigger access to a key structure member during garbage collection of a key.

Recommendations For Linux kernel versions through 3.18.2, consider restricting access to keyctl commands until a patch is available. As a temporary workaround, avoid using the keyctl commands that trigger access to a key structure member during garbage collection of a key. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2015-1058

ALT-PU-2015-1794

CESA-2015_0864

CESA-2015_1137

CVE-2014-9529

DSA-3128-1

MGASA-2015-0070

MGASA-2015-0075

MGASA-2015-0076

MGASA-2015-0077

MGASA-2015-0078

OPENSUSE-SU-2015_0713-1

OPENSUSE-SU-2015_0714-1

OPENSUSE-SU-2016_0301-1

OPENSUSE-SU-2016_0318-1

RHSA-2015:0864

RHSA-2015:1137

RHSA-2015:1138

RHSA-2015:1139

RHSA-2015_0864

RHSA-2015_1137

RHSA-2015_1139

SUSE-RU-2015:0621-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2511-1

USN-2512-1

USN-2513-1

USN-2514-1

USN-2515-1

USN-2516-1

USN-2516-2

USN-2516-3

USN-2517-1

USN-2518-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2015-4270 · Linux+5 · Linux Kernel+5

CVE-2014-9529

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 133