CVE-2017-15299
kernel: Incorrect updates of uninstantiated keys crash the kernel
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
El subsistema de claves KEYS en el kernel Linux hasta la versiĆ³n 4.13.7 gestiona de manera incorrecta el uso de add_key para una clave que ya existe, pero no se ha probado, lo que permite que usuarios locales provoquen una denegaciĆ³n de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que tengan un impacto sin especificar mediante una llamada del sistema manipulada.
A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-14 CVE Reserved
- 2017-10-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html | Mailing List | |
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1499828.html | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://marc.info/?t=150654188100001&r=1&w=2 | 2023-11-07 | |
https://marc.info/?t=150783958600011&r=1&w=2 | 2023-11-07 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:0654 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1498016 | 2018-04-10 | |
https://usn.ubuntu.com/3798-1 | 2023-11-07 | |
https://usn.ubuntu.com/3798-2 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2017-15299 | 2018-04-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.13.6 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.13.6" | - |
Affected
|