505664 – (CVE-2014-0102) Kernel: security: keyring cycle detector DoS (CVE-2014-0102)

Bug 505664 (CVE-2014-0102) - Kernel: security: keyring cycle detector DoS (CVE-2014-0102)

Summary: Kernel: security: keyring cycle detector DoS (CVE-2014-0102)

Status:	RESOLVED FIXED

Alias:	CVE-2014-0102

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-25 11:59 UTC by Agostino Sarubbo
Modified:	2022-03-25 19:43 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2014-03-25 11:59:21 UTC

CVE-2014-0102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0102):

The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 
does not properly determine whether keyrings are identical, which allows local users to cause a denial of 
service (OOPS) via crafted keyctl commands.

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2014-08-10 22:03:48 UTC

CVE-2014-0102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0102):
  The keyring_detect_cycle_iterator function in security/keys/keyring.c in the
  Linux kernel through 3.13.6 does not properly determine whether keyrings are
  identical, which allows local users to cause a denial of service (OOPS) via
  crafted keyctl commands.

Comment 2 John Helmert III archtester

2022-03-25 19:43:54 UTC

Fixed in 3.14 as 979e0d74651ba5aa533277f2a6423d0f982fb6f6