A vulnerability was found in the Linux kernel. It was found that the keyctl_set_reqkey_keyring() function leaks the thread keyring, which allows an unprivileged local user to exhaust kernel memory.
References:
https://lkml.org/lkml/2017/4/1/235
https://lkml.org/lkml/2017/4/3/724
http://seclists.org/oss-sec/2017/q2/246
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1442093]
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.
This was fixed in the 4.10.13 stable release that was pushed to all stable Fedora releases on 2017-05-07.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2018:0151: https://access.redhat.com/errata/RHSA-2018:0151
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2018:0152: https://access.redhat.com/errata/RHSA-2018:0152
This issue has been addressed in the following products: Red Hat Enterprise MRG 2, via RHSA-2018:0181: https://access.redhat.com/errata/RHSA-2018:0181