Fix crash when attempt to garbage collect an uninstantiated keyring in kernel-security-KEYS CVE-2015-7872

Tracked by Jolla (In progress)

asked 2017-08-24 09:23:38 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-08-24 09:23:38 +0300

lpr gravatar image

The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

Patch for Kernel-3.4 available.

file affected: kernel-adaptation-sbj- lines 174-178

edit retag flag offensive close delete