Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-17807  

The KEYS subsystem in the Linux kernel before 4.14.6, 4.9.69, 4.4.107, 3.18.88, 3.16.52 and 3.2.97 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.

Source
Severity Low

Remote No

Type Access restriction bypass

Description 

The KEYS subsystem in the Linux kernel before 4.14.6, 4.9.69, 4.4.107, 3.18.88, 3.16.52 and 3.2.97 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.

AVG-565 linux-lts 4.9.68-1 4.9.69-1 Medium Fixed

AVG-564 linux-hardened 4.14.5-1 4.14.6-1 Medium Fixed

AVG-563 linux-zen 4.14.5-1 4.14.6-1 Medium Fixed

AVG-562 linux 4.14.5-1 4.14.6-1 Medium Fixed 

https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started