PT-2017-12396 · Linux+5 · Linux Kernel+5

Wu Fan

Published

2017-11-02

Updated

2023-02-12

CVE-2017-12193

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.11

Description The issue is related to the assoc array insert into terminal node function in lib/assoc array.c, which mishandles node splitting. This allows local users to cause a denial of service, resulting in a NULL pointer dereference and panic, via a crafted application. The keyring key type, and key addition and link creation operations, can be used to demonstrate this issue.

Recommendations For Linux kernel versions prior to 4.13.11, update to version 4.13.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the assoc array insert into terminal node function until a patch is available.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2017-2559

ALT-PU-2017-2561

ALT-PU-2017-2562

ALT-PU-2018-1991

CESA-2018_0151

CVE-2017-12193

MGASA-2017-0463

MGASA-2017-0466

MGASA-2017-0467

MGASA-2018-0062

MGASA-2018-0063

MGASA-2018-0064

OPENSUSE-SU-2017_3358-1

OPENSUSE-SU-2017_3359-1

RHSA-2018:0151

RHSA-2018:0152

RHSA-2018:0181

RHSA-2018_0151

RHSA-2018_0152

SUSE-SU-2017:3210-1

SUSE-SU-2017:3249-1

SUSE-SU-2017:3398-1

SUSE-SU-2017:3410-1

SUSE-SU-2018:0213-1

USN-3507-1

USN-3507-2

USN-3509-1

USN-3509-2

USN-3509-3

USN-3509-4

USN-3698-1

USN-3698-2

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2017-12396 · Linux+5 · Linux Kernel+5

CVE-2017-12193

Weakness Enumeration

Related Identifiers

Affected Products

References · 363