CVE-2011-4110
Published: 23 November 2011
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
From the Ubuntu security team
A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.
Priority
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110
- http://www.openwall.com/lists/oss-security/2011/11/21/19
- https://lkml.org/lkml/2011/11/15/363
- https://ubuntu.com/security/notices/USN-1318-1
- https://ubuntu.com/security/notices/USN-1319-1
- https://ubuntu.com/security/notices/USN-1322-1
- https://ubuntu.com/security/notices/USN-1323-1
- https://ubuntu.com/security/notices/USN-1325-1
- https://ubuntu.com/security/notices/USN-1324-1
- https://ubuntu.com/security/notices/USN-1328-1
- https://ubuntu.com/security/notices/USN-1330-1
- https://ubuntu.com/security/notices/USN-1332-1
- https://ubuntu.com/security/notices/USN-1337-1
- https://ubuntu.com/security/notices/USN-1340-1
- https://ubuntu.com/security/notices/USN-1341-1
- https://ubuntu.com/security/notices/USN-1344-1
- https://ubuntu.com/security/notices/USN-1345-1
- https://ubuntu.com/security/notices/USN-1336-1
- NVD
- Launchpad
- Debian