Описание
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Release NotesVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchVendor Advisory
- Issue TrackingPatchThird Party Advisory
- Release NotesVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
Связанные уязвимости
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not cons ...
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
Security update for Linux Kernel Live Patch 18 for SLE 12 SP1
EPSS
5.5 Medium
CVSS3
4.9 Medium
CVSS2