CVE-2017-7472

CVSS V2 Medium 4.9 CVSS V3 Medium 5.5

Description

The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

Overview

CVE ID
CVE-2017-7472

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2017-05-11T19:29:00

Last Modified Date
2023-02-12T23:30:04

Weakness Enumerations

CWE	URL
CWE-404	http://cwe.mitre.org/data/definitions/404.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:o:linux:linux_kernel::::::::	1	OR		4.10.12

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector
LOCAL

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
COMPLETE

Base Score
4.9

Severity
MEDIUM

Exploitability Score
3.9

Impact Score
6.9

CVSS Version 3

Version
3.0

Vector String
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector
LOCAL

Attack Compatibility
LOW

Privileges Required
LOW

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
NONE

Availability Impact
HIGH

Base Score
5.5

Base Severity
MEDIUM

Exploitability Score
1.8

Impact Score
3.6

References

Reference URL	Reference Tags
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b	Issue Tracking Patch Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
http://openwall.com/lists/oss-security/2017/05/11/1	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/98422
http://www.securitytracker.com/id/1038471
https://access.redhat.com/errata/RHSA-2018:0151
https://access.redhat.com/errata/RHSA-2018:0152
https://access.redhat.com/errata/RHSA-2018:0181
https://access.redhat.com/security/cve/CVE-2017-7472
https://bugzilla.novell.com/show_bug.cgi?id=1034862	Issue Tracking Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1442086	Issue Tracking Patch
https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b	Issue Tracking Patch Third Party Advisory
https://lkml.org/lkml/2017/4/1/235	Broken Link
https://lkml.org/lkml/2017/4/3/724	Broken Link
https://www.exploit-db.com/exploits/42136/
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13	Release Notes Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2017-7472
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7472

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 17:28:01				Added to TrackCVE
2022-12-02 16:47:43	2017-05-11T19:29Z	2017-05-11T19:29:00	CVE Published Date	updated
2022-12-02 16:47:43		2019-10-03T00:03:26	CVE Modified Date	updated
2022-12-02 16:47:43		Modified	Vulnerability Status	updated
2023-02-02 16:06:25		2023-02-02T15:17:22	CVE Modified Date	updated
2023-02-02 16:06:25	The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.	A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS.	Description	updated
2023-02-02 16:06:26			References	updated
2023-02-13 00:06:28		2023-02-12T23:30:04	CVE Modified Date	updated
2023-02-13 00:06:28	A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS.	The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.	Description	updated