Bug 751297 (CVE-2011-4110)

Summary: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: anton, arozansk, bhu, dhoward, dhowells, fhrbata, hui.zhu, jkacur, kernel-mgr, lgoncalv, lwang, plougher, rt-maint, security-response-team, sforsber, vgoyal, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-10 09:10:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 751190, 751300, 751301, 751302, 752529, 756160, 756168, 756169, 761377    
Bug Blocks: 751306    
Attachments:
Description Flags
CVE-2011-4110 proposed patch none

Description Petr Matousek 2011-11-04 09:10:39 UTC 
A flaw was found in the way Linux kernel handled user-defined key types. An unprivileged local user could use this flaw to crash the system.

Reference:
https://lkml.org/lkml/2011/11/15/363
Comment 1 Petr Matousek 2011-11-04 09:13:44 UTC 
Created attachment 531725 [details]
CVE-2011-4110 proposed patch
Comment 5 Petr Matousek 2011-11-04 14:32:47 UTC 
Statement:

This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4,
5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Comment 10 Petr Matousek 2011-11-16 08:30:45 UTC 
Upstream commit:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9f35a33b8d06263a165efe3541d9aa0cdbd70b3b
Comment 13 Petr Matousek 2011-11-22 20:49:10 UTC 
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 756160]
Comment 15 errata-xmlrpc 2011-11-29 14:37:54 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:1479 https://rhn.redhat.com/errata/RHSA-2011-1479.html
Comment 16 errata-xmlrpc 2011-12-06 14:27:22 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1530 https://rhn.redhat.com/errata/RHSA-2011-1530.html
Comment 18 errata-xmlrpc 2012-01-10 20:16:52 UTC 
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0010 https://rhn.redhat.com/errata/RHSA-2012-0010.html
Comment 19 errata-xmlrpc 2012-02-15 00:44:10 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.1 EUS - Server Only

Via RHSA-2012:0116 https://rhn.redhat.com/errata/RHSA-2012-0116.html
Comment 20 errata-xmlrpc 2012-02-23 20:23:17 UTC 
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0333 https://rhn.redhat.com/errata/RHSA-2012-0333.html