PT-2017-12395 · Linux+5 · Linux Kernel+5

Eric Biggers

Publicado

2017-10-05

Atualizado

2023-02-12

CVE-2017-12192

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.5

Description The issue arises from the keyctl read key function in the Key Management subcomponent of the Linux kernel, which does not properly handle keys that are possessed but negatively instantiated. This oversight allows local users to trigger a denial of service, resulting in an OOPS and system crash, by executing a crafted KEYCTL READ operation.

Recommendations For Linux kernel versions prior to 4.13.5, update to version 4.13.5 or later to resolve the issue.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2017-2378

ALT-PU-2018-1991

CESA-2018_0151

CESA-2020_2430

CVE-2017-12192

RHSA-2018:0151

RHSA-2018:0152

RHSA-2018:0181

RHSA-2018:0654

RHSA-2018_0151

RHSA-2018_0152

RHSA-2020:2430

RHSA-2020_2430

USN-3469-1

USN-3469-2

USN-3487-1

USN-3583-1

USN-3583-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2017-12395 · Linux+5 · Linux Kernel+5

CVE-2017-12192

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 57