Vigil@nce: Linux kernel, denial of service via get_instantiation_keyring
October 2009 by Vigil@nce
A local attacker can use cryptographic keys to stop the kernel,
and possibly to execute code.
– Severity: 1/4
– Consequences: administrator access/rights, denial of service of
computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 22/10/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel can store cryptographic keys in a secured store.
The get_instantiation_keyring() function is used when a key is
created. The user can ask this function to search for a keyring
to which the key will be attached. However, in this case, the
number of keys in the keyring is not incremented. When the keyring
is emptied, the number of keys becomes negative, which generates a
memory access error.
A local attacker can therefore use cryptographic keys to stop the
kernel, and possibly to execute code.
CHARACTERISTICS
– Identifiers: CVE-2009-3624, VIGILANCE-VUL-9110
– Url: http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-get-instantiation-keyring-9110