Denial of service in Linux kernel - CVE-2017-18270
Published: May 22, 2018
Vulnerability identifier: #VU12918
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18270
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to improper security restrictions during the creation of user keyrings. A local attacker can submit keyctl commands, create keyrings of other users on the system and cause the service to crash.
The weakness exists due to improper security restrictions during the creation of user keyrings. A local attacker can submit keyctl commands, create keyrings of other users on the system and cause the service to crash.
How to mitigate CVE-2017-18270
Update to version 4.13.5.