[v3.0] kernel: security/keys/gc.c race condition (CVE-2014-9529)
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
Upstream:
https://github.com/torvalds/linux/commit/a3a8784454692dd72e5d5d34dcdab17b4420e74c
3.10.y: fixed in 3.10.67:
https://github.com/torvalds/linux/commit/a7033e302dcd38bb4333f46b3fdcd930955e402d
3.14.y: fixed in 3.14.31:
https://github.com/torvalds/linux/commit/cf69173f59163182c12e0ecbda52721397468763
http://seclists.org/oss-sec/2015/q1/75
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529
CONFIRM:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a3a8784454692dd72e5d5d34dcdab17b4420e74c
(from redmine: issue id 3931, created on 2015-02-10, closed on 2017-09-05)
- Relations:
  - parent #3928