ACK: [PATCH 0/1][T] CVE-2017-2647 - DoS or privesc in kernel keyring

Khaled Elmously khalid.elmously at
Wed Nov 28 07:31:08 UTC 2018

On 2018-11-20 02:22:33 , Tyler Hicks wrote:
>  The KEYS subsystem in the Linux kernel before 3.18 allows local users to
>  gain privileges or cause a denial of service (NULL pointer dereference and
>  system crash) via vectors involving a NULL value for a certain match field,
>  related to the keyring_search_iterator function in keyring.c.
> Clean cherry pick from linux-stable. I tested with the reproducer in the
> upstream bug report on the keyring mailing list[1] as well as simple keyring
> regression testing using from QRT.
> I actually think that Trusty kernel commit 5661a2f3b583 ("KEYS: Change the name
> of the dead type to ".dead" to prevent user access"), which fixes
> CVE-2017-6951, is sufficient in addressing CVE-2017-2647 but feel more
> comfortable applying this fix in addition.
> Tyler
> [1]

Acked-by: Khalid Elmously <khalid.elmously at>

More information about the kernel-team mailing list