Описание
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, a denial of service, or possibly leak keyring information between users.
Отчет
The impact is Moderate, because the impact is only for userspace programs if using keyctl incorrectly. For root-level processes (usually during boot) keyctl being used securely without possibility of leaking keys between users.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2018:0412 | 06.03.2018 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2018:1062 | 10.04.2018 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
In the Linux kernel before 4.13.5, a local user could create keyrings ...
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
ELSA-2022-9852: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
4.4 Medium
CVSS3