The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.
CVE-2017-12193 - Medium Severity Vulnerability
Julia Cartwright's fork of linux-stable-rt.git
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/julia/linux-stable-rt.git
Found in HEAD commit: 5efa23eac0f04571d486a6f7706fccc426b46cac
Found in base branch: master
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.
Publish Date: 2017-11-22
URL: CVE-2017-12193
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-12193
Release Date: 2017-11-22
Fix Resolution: 4.13.11
Step up your Open Source Security Game with Mend here