Уязвимость CVE-2017-12193: Информация
Описание
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.
Важность: MEDIUM (5,5) Вектор: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1501215 |
|
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 |
|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b |
|
101678 |
|
RHSA-2018:0151 | |
USN-3698-2 | |
USN-3698-1 |