Summary: | Kernel: security: keyring cycle detector DoS (CVE-2014-0102) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kernel |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-25 11:59:21 UTC
CVE-2014-0102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0102): The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands. Fixed in 3.14 as 979e0d74651ba5aa533277f2a6423d0f982fb6f6 |