Published: 08 September 2010
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 126.96.36.199 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.
From the Ubuntu security team
Tavis Ormandy discovered that the session keyring did not correctly check for its parent. On systems without a default session keyring, a local attacker could exploit this to crash the system, leading to a denial of service.
CVSS 3 base score: 7.8
system crash without pam_keyinit