[PATCH 0/2][T] CVE-2015-8539, CVE-2017-15299 - Multiple issues in the kernel keyring
Tyler Hicks
tyhicks at canonical.com
Fri Sep 14 18:53:43 UTC 2018

https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8539.html

 The KEYS subsystem in the Linux kernel before 4.4 allows local users to
 gain privileges or cause a denial of service (BUG) via crafted keyctl
 commands that negatively instantiate a key, related to
 security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and
 security/keys/user_defined.c.

https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-15299

 The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of
 add_key for a key that already exists but is uninstantiated, which allows
 local users to cause a denial of service (NULL pointer dereference and
 system crash) or possibly have unspecified other impact via a crafted
 system call.

These patches have been tested with the reproducers for both CVEs as
well as the test-ecryptfs-utils.py QRT test which makes use of the
kernel keyring when setting up and decrypting users' home directories.

Tyler