CVE-2017-12192

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 12-10-2017 02:29

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

5.5

Base score

1.8

3.6

Exploitability score

Impact score

Verification logic

Reference

https://lkml.org/lkml/2017/9/18/764
https://bugzilla.redhat.com/show_bug.cgi?id=1493435
https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678
RHSA-2018:0151-
USN-3583-2-
USN-3583-1-

Keywords

CVE-2017-12192

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2017-12192

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures