PT-2017-12395 · Linux+5 · Linux Kernel+5

Eric Biggers

Published

2017-10-05

Updated

2023-02-12

CVE-2017-12192

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.5

Description The issue arises from the keyctl read key function in the Key Management subcomponent of the Linux kernel, which does not properly handle keys that are possessed but negatively instantiated. This oversight allows local users to trigger a denial of service, resulting in an OOPS and system crash, by executing a crafted KEYCTL READ operation.

Recommendations For Linux kernel versions prior to 4.13.5, update to version 4.13.5 or later to resolve the issue.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2017-2378

ALT-PU-2018-1991

CESA-2018_0151

CESA-2020_2430

CVE-2017-12192

RHSA-2018:0151

RHSA-2018:0152

RHSA-2018:0181

RHSA-2018:0654

RHSA-2018_0151

RHSA-2018_0152

RHSA-2020:2430

RHSA-2020_2430

USN-3469-1

USN-3469-2

USN-3487-1

USN-3583-1

USN-3583-2

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2017-12395 · Linux+5 · Linux Kernel+5

CVE-2017-12192

Weakness Enumeration

Related Identifiers

Affected Products

References · 57