The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.
cpe:2.3:o:linux:linux_kernel:*:rc4:*:*:*:*:*:* versions up to 2.6.32 (inclusive)
|43631||SuSE 11.2 Security Update: kernel (2009-12-18)||Nessus||SuSE Local Security Checks|
|43026||Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-864-1)||Nessus||Ubuntu Local Security Checks|
|42400||Fedora 11 : kernel-126.96.36.199-96.fc11 (2009-11032)||Nessus||Fedora Local Security Checks|