Bug 1072419 - (CVE-2014-0102) CVE-2014-0102 kernel: security: keyring cycle detector DoS
CVE-2014-0102 kernel: security: keyring cycle detector DoS
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 1071346 1071396 1072425
Blocks: 1072464
  Show dependency treegraph
Reported: 2014-03-04 09:42 EST by Petr Matousek
Modified: 2015-10-15 14:16 EDT (History)
20 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-03-04 09:52:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Upstream proposed patch (2.29 KB, patch)
2014-03-04 09:50 EST, Petr Matousek
no flags Details | Diff

  None (edit)
Description Petr Matousek 2014-03-04 09:42:31 EST
Description of the problem:
The problem is that search_nested_keyrings() sees two keyrings that have
matching type and description, so keyring_compare_object() returns true.
s_n_k() then passes the key to the iterator function -
keyring_detect_cycle_iterator() - which *should* check to see whether this is
the keyring of interest, not just one with the same name and, leads to

An unprivileged local user could use this flaw to crash the system. 

Introduced by:

Comment 1 Petr Matousek 2014-03-04 09:50:56 EST
Created attachment 870451 [details]
Upstream proposed patch
Comment 3 Petr Matousek 2014-03-04 09:52:48 EST

This issue did not affect the versions of Linux kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 as they did not backport the commit that introduced this issue.
Comment 4 Petr Matousek 2014-03-04 11:58:21 EST
Upstream patch:


Note You need to log in before you can comment on or make changes to this bug.