CVE-2017-7472

Опубликовано: 01 апр. 2017

Источник: redhat

CVSS3: 5.5

Описание

The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2018:0152	25.01.2018
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2018:0151	25.01.2018
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2018:0181	25.01.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1442086kernel: keyctl_set_reqkey_keyring() leaks thread keyrings

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-7472

CVSS3: 5.5

ubuntu

около 8 лет назад

CVE-2017-7472

CVSS3: 5.5

nvd

около 8 лет назад

CVE-2017-7472

CVSS3: 5.5

debian

около 8 лет назад

The KEYS subsystem in the Linux kernel before 4.10.13 allows local use ...

GHSA-77r7-v55r-g5r7

CVSS3: 5.5

github

около 3 лет назад

ELSA-2018-0151

oracle-oval

больше 7 лет назад

ELSA-2018-0151: kernel security and bug fix update (IMPORTANT)

5.5 Medium

CVSS3