Description
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Canonical / Ubuntu Linux10.10 – 10.10
- Canonical / Ubuntu Linux6.06 – 6.06
- Canonical / Ubuntu Linux8.04 – 8.04
- Canonical / Ubuntu Linux9.04 – 9.04
- Canonical / Ubuntu Linux9.10 – 9.10
- Canonical / Ubuntu Linux10.04 – 10.04
- Linux / Linux kernel2.6.35.4
- SUSE / suse_linux_enterprise_desktop11 – 11
- SUSE / SUSE Linux Enterprise Server11 – 11
References
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1000-1
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2010/09/02/1
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/61557
- MISChttp://www.securityfocus.com/bid/42932
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0298
- VENDOR_ADVISORYhttp://secunia.com/advisories/41263
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
- MISChttp://twitter.com/taviso/statuses/22777866582
- MISChttp://securitytracker.com/id?1024384
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=627440