Vigil@nce - Linux kernel: NULL pointer dereference via keyring_search_aux
May 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a NULL pointer to be dereferenced via
keyring_search_aux() in the Linux kernel, in order to trigger a
denial of service.
Impacted products: Debian, Linux.
Severity: 2/4.
Creation date: 17/03/2017.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel manages cryptographic keys, notably for use in
IPsec.
However, in the "request_key" system call, the function
keyring_search_aux() does not check whether a pointer is NULL
before using it.
An attacker can therefore force a NULL pointer to be dereferenced
via keyring_search_aux() in the Linux kernel, in order to trigger
a denial of service.