CVE-2014-9529

 

Published at: - 09-01-2015 10:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• https://github.com/torvalds/linux/commit/a3a8784454692dd72e5d5d34dcdab17b4420e74c
• [oss-security] 20150106 CVE-2014-9529 - Linux kernel security/keys/gc.c race condition-Mailing List, Patch, Third Party Advisory
• https://bugzilla.redhat.com/show_bug.cgi?id=1179813
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a3a8784454692dd72e5d5d34dcdab17b4420e74c
• USN-2512-1-Third Party Advisory
• USN-2511-1-Third Party Advisory
• USN-2518-1-Third Party Advisory
• USN-2515-1-Third Party Advisory
• USN-2516-1-Third Party Advisory
• USN-2517-1-Third Party Advisory
• DSA-3128-Third Party Advisory
• USN-2514-1-Third Party Advisory
• USN-2513-1-Third Party Advisory
• MDVSA-2015:058-Third Party Advisory
• FEDORA-2015-0517-Third Party Advisory
• FEDORA-2015-0515-Third Party Advisory
• 71880-Third Party Advisory, VDB Entry
• openSUSE-SU-2015:0714-Mailing List, Third Party Advisory
• 1036763-Third Party Advisory, VDB Entry
• linux-kernel-cve20149529-dos(99641)-Third Party Advisory, VDB Entry
• RHSA-2015:1138-Third Party Advisory
• RHSA-2015:1137-Third Party Advisory
• RHSA-2015:0864-Third Party Advisory

 

Keywords

NVD

 

CVE-2014-9529

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures