Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9529

Опубликовано: 29 дек. 2014
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelFixedRHSA-2015:086421.04.2015
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2015:113923.06.2015
Red Hat Enterprise Linux 7kernelFixedRHSA-2015:113723.06.2015
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2015:113823.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1179813kernel: use-after-free during key garbage collection

EPSS

Процентиль: 27%
0.00094
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9529

ubuntu
больше 10 лет назад

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

nvd логотип

CVE-2014-9529

nvd
больше 10 лет назад

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

debian логотип

CVE-2014-9529

debian
больше 10 лет назад

Race condition in the key_gc_unused_keys function in security/keys/gc. ...

github логотип

GHSA-wc9w-8x8g-533g

github
около 3 лет назад

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

oracle-oval логотип

ELSA-2015-3032

oracle-oval
больше 10 лет назад

ELSA-2015-3032: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 27%
0.00094
Низкий

4.9 Medium

CVSS2