[kernel-sec-discuss] r5655 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 15 06:33:35 UTC 2017
Author: carnil
Date: 2017-10-15 06:33:35 +0000 (Sun, 15 Oct 2017)
New Revision: 5655
Added:
active/CVE-2017-15299
Log:
Add CVE-2017-15299
Added: active/CVE-2017-15299
===================================================================
--- active/CVE-2017-15299 (rev 0)
+++ active/CVE-2017-15299 2017-10-15 06:33:35 UTC (rev 5655)
@@ -0,0 +1,22 @@
+Description: Incorrect updates of uninstantiated keys crash the kernel
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1498016
+ https://marc.info/?t=150654188100001&r=1&w=2
+ https://marc.info/?t=150783958600011&r=1&w=2
+Notes:
+ carnil> The bug is not restricted to CONFIG_ENCRYPTED_KEYS=y
+ carnil> only, but the impact is different. As noted in the commit
+ carnil> message: "In the case of the "user" and "logon" key types
+ carnil> this causes a memory leak, at best. Maybe even worse, the
+ carnil> ->update() methods of the "encrypted" and "trusted" key types
+ carnil> actually just dereference a NULL pointer when passed an
+ carnil> uninstantiated key.
+Bugs:
+upstream: needed
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
More information about the kernel-sec-discuss
mailing list