Published: 28/10/2017 Updated: 19/01/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The KEYS subsystem in the Linux kernel prior to 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the Linux kernel ...

Incorrect updates of uninstantiated keys crash the kernelA vulnerability was found in the key management subsystem of the Linux kernel An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS) (CVE-2017-15299) Memory leak when merging buffers in SCSI IO vectorsIt was found that in the Linux kernel through v ...

The KEYS subsystem in the Linux kernel before 41310 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls ...

CWE-20 https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76 http://www.securityfocus.com/bid/101621 https://nvd.nist.gov https://usn.ubuntu.com/3485-1/

CVE-2017-15951

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect