Bug 751297 (CVE-2011-4110) - CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
Summary: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-4110
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 751190 751300 751301 751302 752529 756160 756168 756169 761377
Blocks: 751306
TreeView+ depends on / blocked
 
Reported: 2011-11-04 09:10 UTC by Petr Matousek
Modified: 2019-09-29 12:48 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-10 09:10:08 UTC


Attachments (Terms of Use)
CVE-2011-4110 proposed patch (3.17 KB, patch)
2011-11-04 09:13 UTC, Petr Matousek
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1479 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2011-11-29 19:25:05 UTC
Red Hat Product Errata RHSA-2011:1530 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update 2011-12-06 01:45:35 UTC
Red Hat Product Errata RHSA-2012:0010 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2012-01-11 01:14:23 UTC
Red Hat Product Errata RHSA-2012:0116 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2012-02-15 05:42:54 UTC
Red Hat Product Errata RHSA-2012:0333 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2012-02-24 01:21:35 UTC

Description Petr Matousek 2011-11-04 09:10:39 UTC
A flaw was found in the way Linux kernel handled user-defined key types. An unprivileged local user could use this flaw to crash the system.

Reference:
https://lkml.org/lkml/2011/11/15/363

Comment 1 Petr Matousek 2011-11-04 09:13:44 UTC
Created attachment 531725 [details]
CVE-2011-4110 proposed patch

Comment 5 Petr Matousek 2011-11-04 14:32:47 UTC
Statement:

This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4,
5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.

Comment 13 Petr Matousek 2011-11-22 20:49:10 UTC
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 756160]

Comment 15 errata-xmlrpc 2011-11-29 14:37:54 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:1479 https://rhn.redhat.com/errata/RHSA-2011-1479.html

Comment 16 errata-xmlrpc 2011-12-06 14:27:22 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1530 https://rhn.redhat.com/errata/RHSA-2011-1530.html

Comment 18 errata-xmlrpc 2012-01-10 20:16:52 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0010 https://rhn.redhat.com/errata/RHSA-2012-0010.html

Comment 19 errata-xmlrpc 2012-02-15 00:44:10 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.1 EUS - Server Only

Via RHSA-2012:0116 https://rhn.redhat.com/errata/RHSA-2012-0116.html

Comment 20 errata-xmlrpc 2012-02-23 20:23:17 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0333 https://rhn.redhat.com/errata/RHSA-2012-0333.html


Note You need to log in before you can comment on or make changes to this bug.