PT-2006-2525 · Linux+1 · Linux Kernel+1
Daniel Wachdorf
+1
·
Published
2006-04-10
·
Updated
2023-02-13
·
CVE-2006-1522
CVSS v2.0
4.9
Medium
| Vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 2.6.17
Description:
The issue allows local users to cause a denial of service via keyctl requests that add a key to a user key instead of a keyring key, resulting in an invalid dereference in the
keyring search one function. This occurs due to a problem in the sys add key function within the keyring code.Recommendations:
For Linux kernel versions prior to 2.6.17, consider restricting access to the
sys add key function until a patch is available. As a temporary workaround, avoid using the keyctl requests that add a key to a user key instead of a keyring key to minimize the risk of exploitation.Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Red Hat