Unprivileged user can create (using keyctl) user session keyrings for another user. This is problematic because these "fake" keyrings won't have the right permissions. In particular, the user who created them first will own them and will have full access to them via the possessor permissions, which can be used to compromise the security of a user's keys. Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3 If being used by root-level processes, then could be used securely without possibility of leaking keys between users (see http://kernsec.org/pipermail/linux-security-module-archive/2017-September/003318.html ), so likely this is the task for modules and programs (for rhel6) to use keyctl kernel functionality securely (the implicit creation method) without such usage of user-space keyring keys.
Acknowledgments: Name: Eric Biggers (Google)
External References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3 http://kernsec.org/pipermail/linux-security-module-archive/2017-September/003318.html
The CVE assigned here seem a duplicate of the already assigned CVE-2017-18270.
(In reply to Salvatore Bonaccorso from comment #9) > The CVE assigned here seem a duplicate of the already assigned > CVE-2017-18270. Salvatore, it is, indeed. thank you for the heads up! *** This bug has been marked as a duplicate of bug 1580979 ***
Statement: This flaw was found to be a duplicate of CVE-2017-18270. Please see https://access.redhat.com/security/cve/CVE-2017-18270 for information about affected products and security errata.