Published: 22/11/2017 Updated: 12/02/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel prior to 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

Incorrect updates of uninstantiated keys crash the kernelA vulnerability was found in the key management subsystem of the Linux kernel An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS) (CVE-2017-15299) Memory leak when merging buffers in SCSI IO vectorsIt was found that in the Linux kernel through v ...

A flaw was found in the Linux kernel's implementation of associative arrays introduced in 313 This functionality was backported to the 310 kernels in Red Hat Enterprise Linux 7 The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation This affects the keyring key typ ...

Several security issues were fixed in the Linux kernel ...

USN-3509-2 introduced a regression in the Linux HWE kernel for Ubuntu 1404 LTS ...

USN-3509-1 introduced a regression in the Linux kernel for Ubuntu 1604 LTS ...

Several security issues were fixed in the Linux kernel ...

CWE-476 https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b https://bugzilla.redhat.com/show_bug.cgi?id=1501215 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b http://www.securityfocus.com/bid/101678 https://access.redhat.com/errata/RHSA-2018:0151 https://usn.ubuntu.com/3698-2/https://usn.ubuntu.com/3698-1/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:0152 https://usn.ubuntu.com/3698-1/https://alas.aws.amazon.com/ALAS-2017-925.html

CVE-2017-12193

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect