Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel 2.6.0 |
||
linux linux kernel 2.6.1 |
||
linux linux kernel 2.6.10 |
||
linux linux kernel 2.6.11.3 |
||
linux linux kernel 2.6.11.4 |
||
linux linux kernel 2.6.11 |
||
linux linux kernel 2.6.12.4 |
||
linux linux kernel 2.6.12.5 |
||
linux linux kernel 2.6.13.3 |
||
linux linux kernel 2.6.13.4 |
||
linux linux kernel 2.6.14.2 |
||
linux linux kernel 2.6.14.3 |
||
linux linux kernel 2.6.15.1 |
||
linux linux kernel 2.6.15.2 |
||
linux linux kernel 2.6.15.3 |
||
linux linux kernel 2.6.15 |
||
linux linux kernel 2.6.7 |
||
linux linux kernel 2.6.8 |
||
linux linux kernel 2.6.11.12 |
||
linux linux kernel 2.6.11.2 |
||
linux linux kernel 2.6.11.9 |
||
linux linux kernel 2.6.12.2 |
||
linux linux kernel 2.6.12.3 |
||
linux linux kernel 2.6.13.1 |
||
linux linux kernel 2.6.13.2 |
||
linux linux kernel 2.6.14 |
||
linux linux kernel 2.6.14.1 |
||
linux linux kernel 2.6.6 |
||
linux linux kernel 2.6.9 |
||
linux linux kernel 2.6.11.1 |
||
linux linux kernel 2.6.11.5 |
||
linux linux kernel 2.6.11.6 |
||
linux linux kernel 2.6.11_rc1_bk6 |
||
linux linux kernel 2.6.12.6 |
||
linux linux kernel 2.6.12 |
||
linux linux kernel 2.6.13 |
||
linux linux kernel 2.6.14.4 |
||
linux linux kernel 2.6.15.4 |
||
linux linux kernel 2.6.15.5 |
||
linux linux kernel 2.6.3 |
||
linux linux kernel 2.6.4 |
||
linux linux kernel 2.6.8.1 |
||
linux linux kernel 2.6.8.1.5 |
||
linux linux kernel 2.6.11.10 |
||
linux linux kernel 2.6.11.11 |
||
linux linux kernel 2.6.11.7 |
||
linux linux kernel 2.6.11.8 |
||
linux linux kernel 2.6.12.1 |
||
linux linux kernel 2.6.5 |