CVE-2017-17807
CVSS v3.0
3.3 (Low)
CVSS v2.0
2.1 (Low)
EPSS
0.04 % (11th)
Affected Products
1
Advisories
15
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
Weaknesses
- CWE-862
- Missing Authorization
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2017-12-20 23:29:00
(6 years ago) - Updated Date
-
2019-10-03 00:03:26
(5 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...