PT-2017-4261 · Linux+3 · Linux Kernel+3

Eric Biggers

Published

2017-10-13

Updated

2018-10-30

CVE-2017-15299

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.7

Description The issue is related to errors in pointer dereferencing in the KEYS subsystem of the Linux kernel. It can be exploited by an attacker to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. The exploitation is possible through a crafted system call, specifically when using add key for a key that already exists but is uninstantiated.

Recommendations For Linux kernel versions prior to 4.13.7, update to version 4.13.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the add key system call to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2017-2434

ALT-PU-2018-1991

BDU:2023-07687

CVE-2017-15299

DLA-1200-1

MGASA-2017-0463

MGASA-2017-0466

MGASA-2017-0467

MGASA-2018-0062

MGASA-2018-0063

MGASA-2018-0064

RHSA-2018:0654

SUSE-SU-2018:0834-1

SUSE-SU-2018:0848-1

USN-3485-1

USN-3485-2

USN-3485-3

USN-3507-1

USN-3507-2

USN-3798-1

USN-3798-2

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2017-4261 · Linux+3 · Linux Kernel+3

CVE-2017-15299

Weakness Enumeration

Related Identifiers

Affected Products

References · 172