Описание
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
Отчет
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | kernel | Affected | ||
| Red Hat Enterprise Linux 5 | kernel | Fixed | RHSA-2011:1479 | 29.11.2011 |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2011:1530 | 05.12.2011 |
| Red Hat Enterprise Linux 6.1 EUS - Server Only | kernel | Fixed | RHSA-2012:0116 | 15.02.2012 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2012:0010 | 10.01.2012 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2012:0333 | 23.02.2012 |
Показывать по
Дополнительная информация
Статус:
4.9 Medium
CVSS2
Связанные уязвимости
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
The user_update function in security/keys/user_defined.c in the Linux ...
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
ELSA-2011-1530: Oracle Linux 6 kernel security, bug fix and enhancement update (MODERATE)
4.9 Medium
CVSS2