Published: 08 September 2010

The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.

From the Ubuntu security team

Tavis Ormandy discovered that the session keyring did not correctly check for its parent. On systems without a default session keyring, a local attacker could exploit this to crash the system, leading to a denial of service.



CVSS 3 base score: 7.8