Bug 1442086 (CVE-2017-7472)

Summary: CVE-2017-7472 kernel: keyctl_set_reqkey_keyring() leaks thread keyrings
Product: [Other] Security Response
Reporter: Andrej Nemec <anemec>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: aquini, bhu, carnil, dhoward, dominik.mierzejewski, fhrbata, gansalmon, hwkernel-mgr, iboverma, ichavero, itamar, jforbes, jkacur, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, khorenko, labbott, lgoncalv, madhu.chinakonda, matt, mchehab, mcressma, nmurray, pholasek, plougher, rt-maint, rvrbovsk, slawomir, vdronov, williams, yozone
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Doc Text:
A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS.
Last Closed: 2019-06-08 03:10:33 UTC
Bug Depends On: 1442093, 1450157, 1450158, 1450159, 1450160, 1466457, 1479727, 1479728    
Bug Blocks: 1442089    

Description Andrej Nemec 2017-04-13 13:27:57 UTC
A vulnerability was found in the Linux kernel. It was found that the keyctl_set_reqkey_keyring() function leaks the thread keyring, which allows an unprivileged local user to exhaust kernel memory.

References:

https://lkml.org/lkml/2017/4/1/235

https://lkml.org/lkml/2017/4/3/724

http://seclists.org/oss-sec/2017/q2/246

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b

Comment 1 Andrej Nemec 2017-04-13 13:37:01 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1442093]

Comment 7 Vladis Dronov 2017-05-11 17:05:20 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Comment 8 Justin M. Forbes 2017-05-12 12:30:28 UTC
This was fixed in the 4.10.13 stable release that was pushed to all stable Fedora releases on 2017-05-07.

Comment 11 errata-xmlrpc 2018-01-25 11:25:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0151 https://access.redhat.com/errata/RHSA-2018:0151

Comment 12 errata-xmlrpc 2018-01-25 11:29:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0152 https://access.redhat.com/errata/RHSA-2018:0152

Comment 13 errata-xmlrpc 2018-01-25 11:32:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:0181 https://access.redhat.com/errata/RHSA-2018:0181