ID CVE-2017-15274
Summary security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
References
Vulnerable Configurations
  • Linux Kernel 4.11.4
    cpe:2.3:o:linux:linux_kernel:4.11.4
CVSS
Base: 4.9
Impact:
Exploitability:
CWE CWE-476
CAPEC
refmap via4
bid 101292
confirm
Last major update 11-10-2017 - 20:29
Published 11-10-2017 - 20:29
Last modified 03-11-2017 - 12:54
Back to Top