ACK/cmnt: [PATCH 0/2][T] CVE-2015-8539, CVE-2017-15299 - Multiple issues in the kernel keyring
Kleber Souza
kleber.souza at canonical.com
Fri Sep 28 10:02:56 UTC 2018
On 09/14/18 20:53, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8539.html
>
> The KEYS subsystem in the Linux kernel before 4.4 allows local users to
> gain privileges or cause a denial of service (BUG) via crafted keyctl
> commands that negatively instantiate a key, related to
> security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and
> security/keys/user_defined.c.
The CVE matrix is stating that Trusty is not affected by CVE-2015-8539,
but this seems to be an issue with the matrix since this patch is really
missing on Trusty.
>
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-15299
>
> The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of
> add_key for a key that already exists but is uninstantiated, which allows
> local users to cause a denial of service (NULL pointer dereference and
> system crash) or possibly have unspecified other impact via a crafted
> system call.
>
> These patches have been tested with the reproducers for both CVEs as
> well as the test-ecryptfs-utils.py QRT test which makes use of the
> kernel keyring when setting up and decrypting users' home directories.
>
> Tyler
>
>
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>