CVE-2010-2960

Priority
Description
The keyctl_session_to_parent function in security/keys/keyctl.c in the
Linux kernel 2.6.35.4 and earlier expects that a certain parent session
keyring exists, which allows local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.
Ubuntu-Description
Tavis Ormandy discovered that the session keyring did not correctly check
for its parent. On systems without a default session keyring, a local
attacker could exploit this to crash the system, leading to a denial of
service.
Assigned-to
sconklin
Notes
kees> system crash without pam_keyinit
Package
Upstream: needs-triage
Updated: 2020-01-29 19:38:45 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)