#VU12918 Denial of service in Linux kernel - CVE-2017-18270
Published: May 22, 2018
Vulnerability identifier: #VU12918
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18270
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists due to improper security restrictions during the creation of user keyrings. A local attacker can submit keyctl commands, create keyrings of other users on the system and cause the service to crash.
Remediation
Update to version 4.13.5.