#VU9777 Security restrictions bypass in Linux kernel
Vulnerability identifier: #VU9777
Vulnerability risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to the KEYS subsystem in the Linux kernel omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call. A local attacker can use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c and bypass intended security restrictions.
Mitigation
Update to version 4.14.6.
Vulnerable software versions
Linux kernel: 4.13.1 - 4.13.16, 4.12.1 - 4.12.14, 4.11.1 - 4.11.12, 4.10.0 - 4.10.17, 4.14 - 4.14.5
External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06b...
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
