Linux Kernel "install_user_keyrings()" Race Condition

by Carol~ Moderator - 3/7/13 2:54 PM

In Reply to: VULNERABILITIES / FIXES - March 07, 2013 by Carol~ Moderator

Linux Kernel "install_user_keyrings()" Race Condition Vulnerability

Release Date : 2013-03-07

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Unpatched

Operating System :
Linux Kernel 3.7.x
Linux Kernel 3.8.x

Description:
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition error within the "install_user_keyrings()" function (security/keys/process_keys.c) when the "uid" and "uid-session" are not created and can be exploited to dereference a NULL-pointer and cause a crash.

Solution:
No official solution is currently available.

Provided and/or discovered by:
The vendor credits Mateusz Guzik, Red Hat.

Original Advisory:
https://lkml.org/lkml/2013/3/6/535
http://www.openwall.com/lists/oss-security/2013/03/07/1

http://secunia.com/advisories/52441/