** Description changed: - There is a race condition in install_user_keyrings() routine, leading to - a NULL pointer dereference. It occurs during parallel invocation of the - install_user_keyrings & lookup_user_key routines, for the same user, if - `uid' and `uid-session' keyrings are not yet created. An unprivileged - user could use this flaw to crash the system, resulting in DoS. + Race condition in the install_user_keyrings function in + security/keys/process_keys.c in the Linux kernel before 3.8.3 allows + local users to cause a denial of service (NULL pointer dereference and + system crash) via crafted keyctl system calls that trigger keyring + operations in simultaneous threads. Break-Fix: - 0da9dfdd2cd9889201bc6f6f43580c99165cd087
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1152788 Title: CVE-2013-1792 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1152788/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
