PT-2017-4261 · Linux+3 · Linux Kernel+3

Eric Biggers · Published 2017-10-13 · Updated 2018-10-30 · CVE-2017-15299

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.13.7

Description
The issue is a pointer-dereferencing error in the KEYS subsystem of the Linux kernel. An attacker can exploit it to cause a denial of service: a NULL pointer dereference crashes the system. Exploitation is possible through a crafted system call, specifically when add_key is used for a key that already exists but is uninstantiated.

Recommendations
For Linux kernel versions prior to 4.13.7, update to version 4.13.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the add_key system call to minimize the risk of exploitation.

Exploit · Fix · DoS · NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALT-PU-2017-2434
ALT-PU-2018-1991
BDU:2023-07687
CVE-2017-15299
DLA-1200-1
MGASA-2017-0463
MGASA-2017-0466
MGASA-2017-0467
MGASA-2018-0062
MGASA-2018-0063
MGASA-2018-0064
RHSA-2018:0654
SUSE-SU-2018:0834-1
SUSE-SU-2018:0848-1
USN-3485-1
USN-3485-2
USN-3485-3
USN-3507-1
USN-3507-2
USN-3798-1
USN-3798-2

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu