1291197 – (CVE-2015-7550) CVE-2015-7550 kernel: User triggerable crash from race between key read and rey revoke

Bug 1291197 (CVE-2015-7550) - CVE-2015-7550 kernel: User triggerable crash from race between key read and rey revoke

Summary: CVE-2015-7550 kernel: User triggerable crash from race between key read and r...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2015-7550
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1290370 1291198 1293401 1293402
Blocks:	1291199
TreeView+	depends on / blocked

Reported:	2015-12-14 09:33 UTC by Adam Mariš
Modified:	2021-06-01 14:57 UTC (History)
CC List:	35 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A NULL-pointer dereference flaw was found in the kernel, which is caused by a race between revoking a user-type key and reading from it. The issue could be triggered by an unprivileged user with a local account, causing the kernel to crash (denial of service).
Clone Of:
Environment:
Last Closed:	2019-06-08 02:46:23 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2015-12-14 09:33:45 UTC

A race between revoking a user-type key and reading from it was found causing a null pointer dereference and the kernel to crash. This condition can be triggered by unprivileged user with a local account.


Proposed patch:

https://bugzilla.redhat.com/attachment.cgi?id=1104753&action=diff
http://marc.info/?l=linux-kernel&m=145040247605360

Comment 1 Adam Mariš 2015-12-14 09:34:24 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1291198]

Comment 5 Fedora Update System 2015-12-22 07:20:36 UTC

kernel-4.2.8-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2015-12-22 22:01:49 UTC

kernel-4.2.8-300.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Wade Mealing 2016-01-18 02:30:38 UTC

Statement:

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5,6 and 7 and may be addressed in a future update.

Note You need to log in before you can comment on or make changes to this bug.

aquini
arm-mgr
bhu
blc
carnil
dhoward
fhrbata
gansalmon
iboverma
itamar
jforbes
jkacur
joelsmith
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
kstutsma
lgoncalv
madhu.chinakonda
matt
mchehab
mcressma
mlangsdo
mrg-program-list
nmurray
osoukup
plougher
rt-maint
rvrbovsk
slawomir
slong
williams
wmealing