
Bug 460708 (CVE-2013-1792)

Summary: Kernel : "install_user_keyrings()" Race Condition Vulnerability (CVE-2013-1792)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED
Severity: normal
CC: alexander, kernel
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://secunia.com/advisories/52441/
Whiteboard: [<3.8.3]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-03-07 17:14:19 UTC
From $URL :

Description
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users 
to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition error within the "install_user_keyrings()" 
function (security/keys/process_keys.c) when the "uid" and "uid-session" are not created and can be 
exploited to dereference a NULL-pointer and cause a crash.


Solution
No official solution is currently available.

Provided and/or discovered by
The vendor credits Mateusz Guzik, Red Hat.

Original Advisory
https://lkml.org/lkml/2013/3/6/535
http://www.openwall.com/lists/oss-security/2013/03/07/1
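
The window described in the advisory above, as an added example that is not part of the bug report or the kernel source: a simplified userspace C model of a lock-free "already installed" test racing with an installer that stores two pointers in sequence. The `uid_keyring` and `session_keyring` field names follow the kernel; all other names, the step-wise installer, and the shapes of the old and fixed checks are assumptions, since this page does not reproduce the patch.

```c
/* Constructed userspace model of the install_user_keyrings() fast path. */
#include <stdio.h>

struct key { int usage; };
struct user_model {
    struct key *uid_keyring;      /* the "uid" keyring */
    struct key *session_keyring;  /* the "uid-session" keyring */
};

/* The installer publishes the pointers one after the other.
 * steps = 0: nothing stored yet, 1: only uid_keyring, 2: both. */
static void installer_progress(struct user_model *u, int steps,
                               struct key *uid, struct key *sess)
{
    u->uid_keyring = steps >= 1 ? uid : NULL;
    u->session_keyring = steps >= 2 ? sess : NULL;
}

/* Assumed pre-fix check: "already installed" once uid_keyring is set. */
static int installed_check_old(const struct user_model *u)
{
    return u->uid_keyring != NULL;
}

/* Assumed post-fix check: both keyrings must be visible; otherwise the
 * caller takes the slow path and waits on the installer's mutex. */
static int installed_check_fixed(const struct user_model *u)
{
    return u->uid_keyring != NULL && u->session_keyring != NULL;
}

/* A second task that trusts the check goes on to use session_keyring.
 * Returns 1 if it would dereference NULL at this installer step. */
static int reader_hits_null(int steps, int (*check)(const struct user_model *))
{
    struct key uid = {1}, sess = {1};
    struct user_model u;
    installer_progress(&u, steps, &uid, &sess);
    return check(&u) && u.session_keyring == NULL;
}

int main(void)
{
    int s;
    for (s = 0; s <= 2; s++)
        printf("step %d: old=%d fixed=%d\n", s, reader_hits_null(s, installed_check_old),
               reader_hits_null(s, installed_check_fixed));
    return 0;
}
```

Only the intermediate step, where one keyring is stored and the other is not, separates the two checks; before and after it they agree.
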
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-25 00:10:27 UTC
Patch in mainline 3.9 onwards