CVE-2017-7472
Published: 2017-05-11
Priority: P4 · medium · 5.5 (CVSS 3.0)
CVSS 3.0 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Flags: EXPLOIT (a public exploit reference is listed under References)
EPSS: 2.28% (81.0th percentile)
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.9.25-1 (bookworm) | linux 4.9.25-1 (bookworm) |
| linux | linux_kernel | <= 4.10.12 | — |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 3.13.0-132.181 | 3.13.0-132.181 |
| linux | linux_kernel | >= 0 < 4.4.0-79.100 | 4.4.0-79.100 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2017-09-18 · CVSS 7.8 · CVE-2016-10044 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)
Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system cra
Ubuntu: Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu · 2017-09-18 · CVSS 7.8 · CVE-2016-10044 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabi
Ubuntu: Linux kernel (HWE) vulnerabilities
vendor_ubuntu · 2017-07-21 · CVSS 5.5 · CVE-2015-1350 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please
note that this update changes the Linux HWE kernel to the 4.10 based
kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from
Ubuntu 16.10.
Ben Harris discovered that the Linux kernel would strip extended privilege
attributes of files when performing a failed unprivileged system call. A
local attacker could use this to cause a denial of service. (CVE-2015-1350)
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel
did not properly validate
Ubuntu: Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu · 2017-06-07 · CVSS 5.0 · CVE-2016-7913 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitra
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2017-06-07 · CVSS 5.0 · CVE-2016-7913 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings
Ubuntu: Linux kernel vulnerabilities
vendor_ubuntu · 2017-06-07 · CVSS 4.4 · CVE-2016-9604 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)
It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)
Daniel Jiang discovered that a race condition existed in the ipv4 ping
socket implementation in the Linux kernel. A local privileged attacker
could use this to cause a denial of service (system crash). (CVE-2017-2671)
JongHwan Kim discovered an out-of-b
Red Hat: kernel: keyctl_set_reqkey_keyring() leaks thread keyrings
vendor_redhat · 2017-04-01 · CVSS 5.5 · CVE-2017-7472 [MEDIUM] · CWE-400
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might ad
Debian: CVE-2017-7472: linux - The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to caus...
vendor_debian · 2017 · CVSS 5.5 · CVE-2017-7472 [MEDIUM]
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
Scope: local
bookworm: resolved (fixed in 4.9.25-1)
bullseye: resolved (fixed in 4.9.25-1)
forky: resolved (fixed in 4.9.25-1)
sid: resolved (fixed in 4.9.25-1)
trixie: resolved (fixed in 4.9.25-1)
GHSA: GHSA-77r7-v55r-g5r7
ghsa_unreviewed · 2022-05-13 · CVE-2017-7472 [MEDIUM] · CWE-404
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
OSV: linux vulnerabilities
osv · 2017-09-18 · CVSS 7.8 · CVE-2017-1000251 [HIGH]
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)
Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)
Andreas Gruenbacher an
OSV: linux-hwe vulnerabilities
osv · 2017-07-21 · CVSS 5.5 · [MEDIUM]
USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please
note that this update changes the Linux HWE kernel to the 4.10 based
kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from
Ubuntu 16.10.
Ben Harris discovered that the Linux kernel would strip extended privilege
attributes of files when performing a failed unprivileged system call. A
local attacker could use this to cause a denial of service. (CVE-2015-1350)
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel
did not properly validate meta block groups. An attacker with physical
access could use this to specially cr
OSV: linux-lts-xenial vulnerabilities
osv · 2017-06-07 · CVSS 5.0 · [MEDIUM]
USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
It was discovered that th
OSV: linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
osv · 2017-06-07 · CVSS 5.0 · CVE-2016-7917 [MEDIUM]
It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attac
OSV: CVE-2017-7472
osv · 2017-05-11 · CVSS 5.5 · CVE-2017-7472 [MEDIUM]
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
Kernel: Merge tag 'keys-fixes-20170419' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
kernel_security · 2017-04-20 · CVSS 4.4 · CVE-2016-9604 [MEDIUM]
Pull keyrings fixes from David Howells:
(1) Disallow keyrings whose name begins with a '.' to be joined
[CVE-2016-9604].
(2) Change the name of the dead type to ".dead" to prevent user access
[CVE-2017-6951].
(3) Fix keyctl_set_reqkey_keyring() to not leak thread keyrings
[CVE-2017-7472]
* tag 'keys-fixes-20170419' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
Kernel: KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
kernel_security · 2017-04-18 · CVSS 5.5 · CVE-2017-7472 [MEDIUM]
This fixes CVE-2017-7472.
Running the following program as an unprivileged user exhausts kernel
memory by leaking thread keyrings:
    /* libkeyutils header (the angle-bracketed name was lost in page extraction
       and is restored here); it declares keyctl_set_reqkey_keyring() and
       KEY_REQKEY_DEFL_THREAD_KEYRING. */
    #include <keyutils.h>

    int main()
    {
        for (;;)
            keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING);
    }
Fix it by only creating a new thread keyring if there wasn't one before.
To make things more consistent, make install_thread_keyring_to_cred()
and install_process_keyring_to_cred() both return 0 if the corresponding
keyring is already present.
Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")
Cc: stable@vger.kernel.org # 2.6.29+
Signed-off-by: Eric Biggers
Signed-off-by: David Howells
No detection rules found.
Bugzilla: CVE-2017-7472 kernel: keyctl_set_reqkey_keyring() leaks thread keyrings
bugzilla · 2017-04-13 · CVSS 5.5 · CVE-2017-7472 [MEDIUM]
A vulnerability was found in the Linux kernel. It was found that the keyctl_set_reqkey_keyring() function leaks the thread keyring, which allows an unprivileged local user to exhaust kernel memory.
References:
https://lkml.org/lkml/2017/4/1/235
https://lkml.org/lkml/2017/4/3/724
http://seclists.org/oss-sec/2017/q2/246
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1442093]
---
Statement:
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.
This issue
Bugzilla: CVE-2017-7472 kernel: keyctl_set_reqkey_keyring() leaks thread keyrings [fedora-all]
bugzilla · 2017-04-13 · CVSS 5.5 · CVE-2017-7472 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
http://openwall.com/lists/oss-security/2017/05/11/1
http://www.securityfocus.com/bid/98422
http://www.securitytracker.com/id/1038471
https://access.redhat.com/errata/RHSA-2018:0151
https://access.redhat.com/errata/RHSA-2018:0152
https://access.redhat.com/errata/RHSA-2018:0181
https://bugzilla.novell.com/show_bug.cgi?id=1034862
https://bugzilla.redhat.com/show_bug.cgi?id=1442086
https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b
https://lkml.org/lkml/2017/4/1/235
https://lkml.org/lkml/2017/4/3/724
https://www.exploit-db.com/exploits/42136/
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13