Description of the problem:

The problem is that search_nested_keyrings() sees two keyrings that have matching type and description, so keyring_compare_object() returns true. s_n_k() then passes the key to the iterator function - keyring_detect_cycle_iterator() - which *should* check to see whether this is the keyring of interest, not just one with the same name, and this leads to BUG_ON.

An unprivileged local user could use this flaw to crash the system.

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69

References:
https://lkml.org/lkml/2014/2/27/507
Created attachment 870451: Upstream proposed patch
Statement: This issue did not affect the versions of the Linux kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 as they did not backport the commit that introduced this issue.
Upstream patch: http://www.kernelhub.org/?msg=425013&p=2
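
The matching problem from the description, as an added user-space model (not kernel code and not part of this bug report): a cycle check that accepts any keyring with the same type and description flags an unrelated keyring, while an identity check in the iterator does not. All names here (`toy_keyring`, `would_cycle`, the demo functions) are hypothetical, the sample keyrings are constructed, and the model covers only the comparison, not the kernel path that ends in BUG_ON.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a keyring; links[] is NULL-terminated (at most 4 here). */
struct toy_keyring {
    const char *type, *description;
    const struct toy_keyring *links[4];
};

/* Name-based comparison: true for ANY keyring with this type and description. */
static int same_name(const struct toy_keyring *a, const struct toy_keyring *b)
{
    return !strcmp(a->type, b->type) && !strcmp(a->description, b->description);
}

/* Would linking `from` into `target` close a loop? With check_identity == 0 a
 * name match alone is a hit; with 1 the hit must be the very same object.
 * The sample graphs below are acyclic, so the recursion terminates. */
static int would_cycle(const struct toy_keyring *target,
                       const struct toy_keyring *from, int check_identity)
{
    if (same_name(from, target) && (!check_identity || from == target))
        return 1;
    for (int i = 0; i < 4 && from->links[i]; i++)
        if (would_cycle(target, from->links[i], check_identity))
            return 1;
    return 0;
}

/* Constructed case: `twin` shares target's name but is a different keyring. */
static int demo_same_name_only(int check_identity)
{
    struct toy_keyring target = { "keyring", "ring", { 0 } };
    struct toy_keyring twin   = { "keyring", "ring", { 0 } };
    struct toy_keyring parent = { "keyring", "parent", { &twin } };
    return would_cycle(&target, &parent, check_identity);
}

/* Constructed case: parent really contains target, so a loop would form. */
static int demo_real_cycle(int check_identity)
{
    struct toy_keyring target = { "keyring", "ring", { 0 } };
    struct toy_keyring parent = { "keyring", "parent", { &target } };
    return would_cycle(&target, &parent, check_identity);
}

int main(void)
{
    printf("name-only: twin=%d real=%d | identity: twin=%d real=%d\n",
           demo_same_name_only(0), demo_real_cycle(0),
           demo_same_name_only(1), demo_real_cycle(1));
    return 0;
}
```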