{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the \"negative\" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-01T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76"}, {"name": "101621", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101621"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15951", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the \"negative\" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76"}, {"name": "https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76"}, {"name": "101621", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101621"}, {"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:13:06.206Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76"}, {"name": "101621", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101621"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15951", "datePublished": "2017-10-28T02:00:00", "dateReserved": "2017-10-27T00:00:00", "dateUpdated": "2024-08-05T20:13:06.206Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4397FA2C-1EE8-4F42-9823-2D85B8C20976", "versionEndExcluding": "4.4.95", "versionStartIncluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6690C73-23A3-4475-97D0-8CB96812E2FB", "versionEndExcluding": "4.9.59", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "86038BA0-0886-479E-AD71-D78363937D66", "versionEndExcluding": "4.13.10", "versionStartIncluding": "4.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the \"negative\" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls."}, {"lang": "es", "value": "El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.13.10 no sincroniza correctamente las acciones de actualizaci\u00f3n con las de detecci\u00f3n de una clave en el estado \"negative\" para evitar una condici\u00f3n de carrera, lo que permite que los usuarios locales provoquen una denegaci\u00f3n de servicio (DoS) o, posiblemente, cause otro impacto no especificado mediante llamadas al sistema manipuladas."}], "id": "CVE-2017-15951", "lastModified": "2023-01-19T15:45:25.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-28T02:29:00.217", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101621"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Race condition in the KEYS subsystem", "id": "1507539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507539"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the \"negative\" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.", "The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the \"negative\" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls."], "name": "CVE-2017-15951", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-15951\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15951"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2 as a code with the flaw is not present in the products listed.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.13.10"}