APPLIED: [PATCH 0/1][T] CVE-2017-2647 - DoS or privesc in kernel keyring
Khaled Elmously
khalid.elmously at canonical.com
Wed Nov 28 07:32:57 UTC 2018
On 2018-11-20 02:22:33, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2647.html
>
> The KEYS subsystem in the Linux kernel before 3.18 allows local users to
> gain privileges or cause a denial of service (NULL pointer dereference and
> system crash) via vectors involving a NULL value for a certain match field,
> related to the keyring_search_iterator function in keyring.c.
>
> Clean cherry pick from linux-stable. I tested with the reproducer in the
> upstream bug report on the keyring mailing list[1] as well as simple keyring
> regression testing using test-ecryptfs-utils.py from QRT.
>
> I actually think that Trusty kernel commit 5661a2f3b583 ("KEYS: Change the name
> of the dead type to ".dead" to prevent user access"), which fixes
> CVE-2017-6951, is sufficient in addressing CVE-2017-2647 but feel more
> comfortable applying this fix in addition.
>
> Tyler
>
> [1] https://www.spinics.net/lists/keyrings/msg01845.html