CVE-2009-3624

CWE-3106 documents6 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 80.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux Linux KernelLinux Kernel
Timeline
PublishedNov 2
Latest updateMay 2

Description

The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDlinux/linux_kernel2.6.32+336
NVDlinux/kernel2.6.24.7, 2.6.25.15+1

🔴Vulnerability Details

2
GHSA
GHSA-gx7p-6h8g-757g: The get_instantiation_keyring function in security/keys/keyctl2022-05-02
CVEList
CVE-2009-3624: The get_instantiation_keyring function in security/keys/keyctl2009-11-02

📋Vendor Advisories

2
Ubuntu
Linux kernel vulnerabilities2009-12-05
Red Hat
kernel: get_instantiation_keyring() should inc the keyring refcount in all cases2009-10-15

💬Community

1
Bugzilla
CVE-2009-3624 kernel: get_instantiation_keyring() should inc the keyring refcount in all cases2009-10-22
CVE-2009-3624 (MEDIUM CVSS 4.6) | The get_instantiation_keyring funct | cvebase.io