Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1437Race Condition in Kernel

CWE-362Race ConditionCWE-416Use After FreeCWE-672Operation on a Resource after Expiration or ReleaseCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
7.0HIGHNVD
EPSS
0.2%
top 52.47%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Linux KernelDebian LinuxOpensuse+3 more
Timeline
PublishedMay 7
Latest updateMay 2

Description

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages5 packages

NVDlinux/linux_kernel< 2.6.34+1

Also affects: Debian Linux 5.0

Patches

Patch: bugzilla.redhat.comPatch: patchwork.kernel.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-mrjp-428h-53c5: Race condition in the find_keyring_by_name function in security/keys/keyring2022-05-02
CVEList
CVE-2010-1437: Race condition in the find_keyring_by_name function in security/keys/keyring2010-05-07

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption2010-04-27

📋Vendor Advisories

2
Ubuntu
Linux kernel vulnerabilities2010-08-04
Red Hat
kernel: keyrings: find_keyring_by_name() can gain the freed keyring2010-04-23

💬Community

1
Bugzilla
CVE-2010-1437 kernel: keyrings: find_keyring_by_name() can gain the freed keyring2010-04-23
CVE-2010-1437 — Race Condition in Linux Kernel | cvebase