{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-04T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-1796-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1796-1"}, {"name": "openSUSE-SU-2013:1187", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "USN-1797-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1797-1"}, {"name": "USN-1788-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1788-1"}, {"name": "[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/03/07/1"}, {"name": "USN-1793-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1793-1"}, {"name": "USN-1792-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1792-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0da9dfdd2cd9889201bc6f6f43580c99165cd087"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"}, {"name": "USN-1794-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1794-1"}, {"name": "RHSA-2013:0744", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"}, {"name": "USN-1795-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1795-1"}, {"name": "USN-1787-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1787-1"}, {"name": "openSUSE-SU-2014:0204", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"}, {"name": "USN-1798-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1798-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:32.999Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1796-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1796-1"}, {"name": "openSUSE-SU-2013:1187", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "USN-1797-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1797-1"}, {"name": "USN-1788-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1788-1"}, {"name": "[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/03/07/1"}, {"name": "USN-1793-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1793-1"}, {"name": "USN-1792-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1792-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0da9dfdd2cd9889201bc6f6f43580c99165cd087"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"}, {"name": "USN-1794-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1794-1"}, {"name": "RHSA-2013:0744", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"}, {"name": "USN-1795-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1795-1"}, {"name": "USN-1787-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1787-1"}, {"name": "openSUSE-SU-2014:0204", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"}, {"name": "USN-1798-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1798-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1792", "datePublished": "2013-03-22T10:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:13:32.999Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E252E0BC-FCE3-40FA-9819-65999BD2F6A1", "versionEndIncluding": "3.8.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A6E41FB-38CE-49F2-B796-9A5AA648E73F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "93523FE1-5993-46CB-9299-7C8C1A04E873", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n install_user_keyrings en ??security/keys/process_keys.c en el kernel de Linux anterior a v3.8.3 que permite a usuarios locales provocar una denegaci\u00f3n de servicio (desreferencia puntero NULL y ca\u00edda del sistema) a trav\u00e9s de la manipulaci\u00f3n del sistema keyctl que dispara operaciones de verificaci\u00f3n simult\u00e1neamente en varios hilos."}], "id": "CVE-2013-1792", "lastModified": "2024-11-21T01:50:23.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-22T11:59:11.530", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0da9dfdd2cd9889201bc6f6f43580c99165cd087"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"}, {"source": "secalert@redhat.com", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/03/07/1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1787-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1788-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1792-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1793-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1794-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1795-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1796-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1797-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1798-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646"}, {"source": "secalert@redhat.com", "url": "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0da9dfdd2cd9889201bc6f6f43580c99165cd087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/03/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1787-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1788-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1792-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1793-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1794-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1795-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1796-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1797-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1798-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Mateusz Guzik (Red Hat EMEA GSS SEG Team).", "affected_release": [{"advisory": "RHSA-2013:0744", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-358.6.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-04-23T00:00:00Z"}, {"advisory": "RHSA-2013:0829", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.6.11.2-rt33.39.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-05-20T00:00:00Z"}], "bugzilla": {"description": "Kernel: keys: race condition in install_user_keyrings()", "id": "916646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads."], "name": "CVE-2013-1792", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1792\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1792"], "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.", "threat_severity": "Moderate"}