{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-15T09:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"}, {"name": "USN-3583-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3583-2/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"}, {"name": "USN-3583-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3583-1/"}, {"name": "RHSA-2018:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0151"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678"}, {"tags": ["x_refsource_MISC"], "url": "https://lkml.org/lkml/2017/9/18/764"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.783Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"}, {"name": "USN-3583-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3583-2/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"}, {"name": "USN-3583-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3583-1/"}, {"name": "RHSA-2018:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0151"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lkml.org/lkml/2017/9/18/764"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12192", "datePublished": "2017-10-12T00:00:00", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.783Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "928AB8DD-8573-4425-803D-1B164491BF77", "versionEndIncluding": "4.13.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation."}, {"lang": "es", "value": "La funci\u00f3n keyctl_read_key en security/keys/keyctl.c en el subcomponente Key Management en el kernel de Linux en versiones anteriores a la 4.13.5 no considera correctamente que se puede tener una clave instanciada negativamente, lo que permite que los usuarios locales provoquen una denegaci\u00f3n de servicio (OOPS y cierre inesperado del sistema) mediante una operaci\u00f3n KEYCTL_READ manipulada."}], "id": "CVE-2017-12192", "lastModified": "2024-11-21T03:09:01.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-12T00:29:00.207", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0151"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lkml.org/lkml/2017/9/18/764"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3583-1/"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3583-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lkml.org/lkml/2017/9/18/764"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3583-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3583-2/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2430", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.30.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-06-09T00:00:00Z"}, {"advisory": "RHSA-2018:0152", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-693.17.1.rt56.636.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-01-25T00:00:00Z"}, {"advisory": "RHSA-2018:0151", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-693.17.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-01-25T00:00:00Z"}, {"advisory": "RHSA-2018:0654", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-49.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-04-10T00:00:00Z"}, {"advisory": "RHSA-2018:0181", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.17.1.rt56.604.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2018-01-25T00:00:00Z"}], "bugzilla": {"description": "kernel: NULL pointer dereference due to KEYCTL_READ on negative key", "id": "1493435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.", "A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel."], "name": "CVE-2017-12192", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-09-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-12192\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12192\nhttp://seclists.org/oss-sec/2017/q4/63"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2.\nFuture Linux kernel updates for the respective releases will address this issue.", "threat_severity": "Moderate"}