Bug 460708 (CVE-2013-1792) - Kernel : "install_user_keyrings()" Race Condition Vulnerability (CVE-2013-1792)
Status: RESOLVED FIXED
Alias: CVE-2013-1792
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: https://secunia.com/advisories/52441/
Whiteboard: [<3.8.3]
Reported: 2013-03-07 17:14 UTC by Agostino Sarubbo
Modified: 2021-10-25 00:10 UTC

Description Agostino Sarubbo gentoo-dev 2013-03-07 17:14:19 UTC
From $URL :

Description
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users 
to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition error within the "install_user_keyrings()" 
function (security/keys/process_keys.c) when the "uid" and "uid-session" are not created and can be 
exploited to dereference a NULL-pointer and cause a crash.


Solution
No official solution is currently available.

Provided and/or discovered by
The vendor credits Mateusz Guzik, Red Hat.

Original Advisory
https://lkml.org/lkml/2013/3/6/535
http://www.openwall.com/lists/oss-security/2013/03/07/1
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-25 00:10:27 UTC
Patch in mainline 3.9 onwards