CVE-2017-7472

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

http://openwall.com/lists/oss-security/2017/05/11/1

http://www.securityfocus.com/bid/98422

http://www.securitytracker.com/id/1038471

https://access.redhat.com/errata/RHSA-2018:0151

https://access.redhat.com/errata/RHSA-2018:0152

https://access.redhat.com/errata/RHSA-2018:0181

https://bugzilla.novell.com/show_bug.cgi?id=1034862

https://bugzilla.redhat.com/show_bug.cgi?id=1442086

https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b

https://lkml.org/lkml/2017/4/1/235

https://lkml.org/lkml/2017/4/3/724

https://www.exploit-db.com/exploits/42136/

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13

Details

Source: MITRE

Published: 2017-05-11

Updated: 2019-10-03

Type: CWE-404

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.10.12 (inclusive)

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
130736EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)NessusHuawei Local Security Checks
critical
127165NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0014)NessusNewStart CGSL Local Security Checks
high
125283SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
high
124827EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1504)NessusHuawei Local Security Checks
critical
124802EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478)NessusHuawei Local Security Checks
high
106525RHEL 6 : kernel-rt (RHSA-2018:0181)NessusRed Hat Local Security Checks
high
106364Oracle Linux 7 : kernel (ELSA-2018-0151) (Meltdown) (Spectre)NessusOracle Linux Local Security Checks
high
106353CentOS 7 : kernel (CESA-2018:0151) (Meltdown) (Spectre)NessusCentOS Local Security Checks
high
106340Scientific Linux Security Update : kernel on SL7.x x86_64 (20180125) (Meltdown) (Spectre)NessusScientific Linux Local Security Checks
high
106331RHEL 7 : kernel-rt (RHSA-2018:0152)NessusRed Hat Local Security Checks
high
106330RHEL 7 : kernel (RHSA-2018:0151) (Meltdown) (Spectre)NessusRed Hat Local Security Checks
high
105685SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)NessusSuSE Local Security Checks
high
105575SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0011-1) (Meltdown) (Spectre)NessusSuSE Local Security Checks
high
103326Ubuntu 14.04 LTS : linux vulnerabilities (USN-3422-1) (BlueBorne)NessusUbuntu Local Security Checks
high
101929Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3361-1)NessusUbuntu Local Security Checks
critical
100668Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3314-1)NessusUbuntu Local Security Checks
critical
100665Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3312-2)NessusUbuntu Local Security Checks
critical
100664Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3312-1)NessusUbuntu Local Security Checks
critical
99733Debian DLA-922-1 : linux security updateNessusDebian Local Security Checks
high
99710Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-031)NessusVirtuozzo Local Security Checks
medium
99599Virtuozzo 7 : readykernel-patch (VZA-2017-029)NessusVirtuozzo Local Security Checks
high