Linux Kernel "install_user_keyrings()" Race Condition
Linux Kernel "install_user_keyrings()" Race Condition Vulnerability
Release Date : 2013-03-07
Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Unpatched
Operating System :
Linux Kernel 3.7.x
Linux Kernel 3.8.x
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to a race condition error within the "install_user_keyrings()" function (security/keys/process_keys.c) when the "uid" and "uid-session" are not created and can be exploited to dereference a NULL-pointer and cause a crash.
No official solution is currently available.
Provided and/or discovered by:
The vendor credits Mateusz Guzik, Red Hat.