github - ghsa-gx7p-6h8g-757g

ghsa-gx7p-6h8g-757g

Vulnerability from github

Published

2022-05-02 03:46

Modified

2022-05-02 03:46

Details

The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3624"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-11-02T15:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.",
  "id": "GHSA-gx7p-6h8g-757g",
  "modified": "2022-05-02T03:46:58Z",
  "published": "2022-05-02T03:46:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3624"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=21279cfa107af07ef985539ac0de2152b9cba5f5"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21279cfa107af07ef985539ac0de2152b9cba5f5"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=125619420905341\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=125624091417161\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37086"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38017"
    },
    {
      "type": "WEB",
      "url": "http://twitter.com/spendergrsec/statuses/4916661870"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-864-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2009-3624

Vulnerability from cvelistv5

Published

2009-11-02 15:00

Modified

2024-08-07 06:38

Severity

Summary

References

URL	Tags
http://marc.info/?l=oss-security&m=125619420905341&w=2	mailing-list, x_refsource_MLIST
http://www.ubuntu.com/usn/usn-864-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html	vendor-advisory, x_refsource_SUSE
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=21279cfa107af07ef985539ac0de2152b9cba5f5	x_refsource_CONFIRM
http://twitter.com/spendergrsec/statuses/4916661870	x_refsource_MISC
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5	x_refsource_CONFIRM
http://marc.info/?l=oss-security&m=125624091417161&w=2	mailing-list, x_refsource_MLIST
http://secunia.com/advisories/37086	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/38017	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website