Lucene search

K

RedhatCVELIST:CVE-2009-3624

HistoryNov 02, 2009 - 3:00 p.m.

CVE-2009-3624

2009-11-0215:00:00

redhat

www.cve.org

8

AI Score

6.8

Confidence

High

EPSS

0

Percentile

5.1%

The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=21279cfa107af07ef985539ac0de2152b9cba5f5

lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

marc.info/?l=oss-security&m=125619420905341&w=2

marc.info/?l=oss-security&m=125624091417161&w=2

secunia.com/advisories/37086

secunia.com/advisories/38017

twitter.com/spendergrsec/statuses/4916661870

www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5

www.ubuntu.com/usn/usn-864-1

AI Score

6.8

Confidence

High

EPSS

0

Percentile

5.1%

Related for CVELIST:CVE-2009-3624

prion1 ubuntucve1 cve1 nvd1 nessus3 openvas15 fedora6 suse1 ubuntu1