CVE-2017-12192

CVSS v3.0 5.5 (Medium)

CVSS v2.0 4.9 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 12

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.

Weaknesses

CWE-476: NULL Pointer Dereference

Related CVEs

CVE-2017-15274

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2017-10-12 00:29:00
(7 years ago)
Updated Date: 2023-02-12 23:28:04
(19 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

		CPE23	From	Up To
	Linux Kernel 4.13.4 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 4.13.4