vulnerability announce CVE-2012-2745
Linux kernel: denial of service via KEYCTL_SESSION_TO_PARENT
Synthesis of the vulnerability
A local attacker can copy his cryptographic keys with KEYCTL_SESSION_TO_PARENT, in order to stop the kernel.Impacted products:
Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
833428, BID-54365, CVE-2012-2745, openSUSE-SU-2013:0396-1, RHSA-2012:1064-01, SUSE-SU-2012:1350-1, VIGILANCE-VUL-11752.
Description of the vulnerability
The keyctl KEYCTL_SESSION_TO_PARENT is used by a process to copy its cryptographic keys to his parent process.
However, if a new process is created during this copy, this process obtains invalid keys. The kernel then uses an invalid memory area and stops.
A local attacker can therefore copy his cryptographic keys with KEYCTL_SESSION_TO_PARENT, in order to stop the kernel.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides software vulnerability bulletins
. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.