CVE-2017-17807 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Access restriction bypass |
| Description | The KEYS subsystem in the Linux kernel before 4.14.6, 4.9.69, 4.4.107, 3.18.88, 3.16.52 and 3.2.97 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-565 | linux-lts | 4.9.68-1 | 4.9.69-1 | Medium | Fixed | |
| AVG-564 | linux-hardened | 4.14.5-1 | 4.14.6-1 | Medium | Fixed | |
| AVG-563 | linux-zen | 4.14.5-1 | 4.14.6-1 | Medium | Fixed | |
| AVG-562 | linux | 4.14.5-1 | 4.14.6-1 | Medium | Fixed |
| References |
|---|
https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b |