Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2017-17807 - log back

CVE-2017-17807 created at 25 Sep 2019 19:31:40

Severity

+

Low

Remote

+

Local

Type

+	Access restriction bypass

Description

+

The KEYS subsystem in the Linux kernel before 4.14.6, 4.9.69, 4.4.107, 3.18.88, 3.16.52 and 3.2.97 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.

References

+	https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b

Notes