CVE-2011-2184

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.39.1

Description The issue is related to the key replace session keyring function in the Linux kernel, which does not initialize a certain structure member. This can be exploited by local users to cause a denial of service, resulting in a NULL pointer dereference and OOPS, or possibly have other unspecified impacts. The exploitation is possible via a KEYCTL SESSION TO PARENT argument to the keyctl function.

Recommendations For Linux kernel versions prior to 2.6.39.1, update to version 2.6.39.1 or later to resolve the issue.