KEYS subsystem vulnerability in Linux kernel through 4.13.7 allows for denial of service and potential system crash

KEYS subsystem vulnerability in Linux kernel through 4.13.7 allows for denial of service and potential system crash

CVE-2017-15299 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.