PT-2015-4270 · Linux+5 · Linux Kernel+5

Published

2015-01-09

·

Updated

2024-03-14

·

CVE-2014-9529

CVSS v2.0

6.9

Medium

VectorAV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.18.2
Description A race condition in the key gc unused keys function allows local users to cause a denial of service, potentially resulting in memory corruption or panic, via keyctl commands that trigger access to a key structure member during garbage collection of a key.
Recommendations For Linux kernel versions through 3.18.2, consider restricting access to keyctl commands until a patch is available. As a temporary workaround, avoid using the keyctl commands that trigger access to a key structure member during garbage collection of a key. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2015-1058
ALT-PU-2015-1794
CESA-2015_0864
CESA-2015_1137
CVE-2014-9529
DSA-3128-1
MGASA-2015-0070
MGASA-2015-0075
MGASA-2015-0076
MGASA-2015-0077
MGASA-2015-0078
OPENSUSE-SU-2015_0713-1
OPENSUSE-SU-2015_0714-1
OPENSUSE-SU-2016_0301-1
OPENSUSE-SU-2016_0318-1
RHSA-2015:0864
RHSA-2015:1137
RHSA-2015:1138
RHSA-2015:1139
RHSA-2015_0864
RHSA-2015_1137
RHSA-2015_1139
SUSE-RU-2015:0621-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2511-1
USN-2512-1
USN-2513-1
USN-2514-1
USN-2515-1
USN-2516-1
USN-2516-2
USN-2516-3
USN-2517-1
USN-2518-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu