APPLIED: [PATCH 0/1][T] CVE-2017-2647 - DoS or privesc in kernel keyring
khalid.elmously at canonical.com
Wed Nov 28 07:32:57 UTC 2018
On 2018-11-20 02:22:33 , Tyler Hicks wrote:
> The KEYS subsystem in the Linux kernel before 3.18 allows local users to
> gain privileges or cause a denial of service (NULL pointer dereference and
> system crash) via vectors involving a NULL value for a certain match field,
> related to the keyring_search_iterator function in keyring.c.
> Clean cherry pick from linux-stable. I tested with the reproducer in the
> upstream bug report on the keyring mailing list as well as simple keyring
> regression testing using test-ecryptfs-utils.py from QRT.
> I actually think that Trusty kernel commit 5661a2f3b583 ("KEYS: Change the name
> of the dead type to ".dead" to prevent user access"), which fixes
> CVE-2017-6951, is sufficient in addressing CVE-2017-2647 but feel more
> comfortable applying this fix in addition.
>  https://www.spinics.net/lists/keyrings/msg01845.html
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
More information about the kernel-team