CVE-2017-18270 Information

Feb 14, 2021 cve

Description

In the Linux kernel before 4.13.5 a local user could create keyrings for other users via keyctl commands setting unwanted defaults or causing a denial of service.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3 http://www.securityfocus.com/bid/104254 https://bugzilla.redhat.com/show_bug.cgi?id=1580979 https://bugzilla.redhat.com/show_bug.cgi?id=1856774c11 https://bugzilla.redhat.com/show_bug.cgi?id=1856774c9 https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3 https://support.f5.com/csp/article/K37301725 https://usn.ubuntu.com/3754-1/ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1

Share on: