PT-2017-12396 · Linux+5 · Linux Kernel+5

Wu Fan

·

Publicado

2017-11-02

·

Atualizado

2023-02-12

·

CVE-2017-12193

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.11
Description The issue is related to the assoc array insert into terminal node function in lib/assoc array.c, which mishandles node splitting. This allows local users to cause a denial of service, resulting in a NULL pointer dereference and panic, via a crafted application. The keyring key type, and key addition and link creation operations, can be used to demonstrate this issue.
Recommendations For Linux kernel versions prior to 4.13.11, update to version 4.13.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the assoc array insert into terminal node function until a patch is available.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2017-2559
ALT-PU-2017-2561
ALT-PU-2017-2562
ALT-PU-2018-1991
CESA-2018_0151
CVE-2017-12193
MGASA-2017-0463
MGASA-2017-0466
MGASA-2017-0467
MGASA-2018-0062
MGASA-2018-0063
MGASA-2018-0064
OPENSUSE-SU-2017_3358-1
OPENSUSE-SU-2017_3359-1
RHSA-2018:0151
RHSA-2018:0152
RHSA-2018:0181
RHSA-2018_0151
RHSA-2018_0152
SUSE-SU-2017:3210-1
SUSE-SU-2017:3249-1
SUSE-SU-2017:3398-1
SUSE-SU-2017:3410-1
SUSE-SU-2018:0213-1
USN-3507-1
USN-3507-2
USN-3509-1
USN-3509-2
USN-3509-3
USN-3509-4
USN-3698-1
USN-3698-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu