ACK: [PATCH 0/1][T] CVE-2017-2647 - DoS or privesc in kernel keyring

Khaled Elmously khalid.elmously at canonical.com
Wed Nov 28 07:31:08 UTC 2018


On 2018-11-20 02:22:33 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2647.html
> 
>  The KEYS subsystem in the Linux kernel before 3.18 allows local users to
>  gain privileges or cause a denial of service (NULL pointer dereference and
>  system crash) via vectors involving a NULL value for a certain match field,
>  related to the keyring_search_iterator function in keyring.c.
> 
> Clean cherry pick from linux-stable. I tested with the reproducer in the
> upstream bug report on the keyring mailing list[1] as well as simple keyring
> regression testing using test-ecryptfs-utils.py from QRT.
> 
> I actually think that Trusty kernel commit 5661a2f3b583 ("KEYS: Change the name
> of the dead type to ".dead" to prevent user access"), which fixes
> CVE-2017-6951, is sufficient in addressing CVE-2017-2647 but feel more
> comfortable applying this fix in addition.
> 
> Tyler
> 
> [1] https://www.spinics.net/lists/keyrings/msg01845.html
> 

Acked-by: Khalid Elmously <khalid.elmously at canonical.com>




More information about the kernel-team mailing list