NVD Vulnerability Detail

CVE-2017-15274

Summary	security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
Publication Date	Oct. 12, 2017, 9:29 a.m.
Registration Date	Jan. 26, 2021, 1:16 p.m.
Last Update	Nov. 21, 2024, 12:14 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::			4.11.4

Related information, measures and tools

No	URL	タグ
1	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5	Issue Tracking Patch Third Party Advisory
2	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5	Issue Tracking Patch Third Party Advisory
3	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5	Release Notes Vendor Advisory
4	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5	Release Notes Vendor Advisory
5	http://www.securityfocus.com/bid/101292	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/101292	Third Party Advisory VDB Entry
7	https://access.redhat.com/errata/RHSA-2019:1946
8	https://access.redhat.com/errata/RHSA-2019:1946
9	https://bugzilla.suse.com/show_bug.cgi?id=1045327	Issue Tracking Third Party Advisory
10	https://bugzilla.suse.com/show_bug.cgi?id=1045327	Issue Tracking Third Party Advisory
11	https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5	Issue Tracking Patch Third Party Advisory
12	https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5	Issue Tracking Patch Third Party Advisory
13	https://patchwork.kernel.org/patch/9781573/	Issue Tracking Patch Vendor Advisory
14	https://patchwork.kernel.org/patch/9781573/	Issue Tracking Patch Vendor Advisory
15	https://usn.ubuntu.com/3583-1/
16	https://usn.ubuntu.com/3583-1/
17	https://usn.ubuntu.com/3583-2/
18	https://usn.ubuntu.com/3583-2/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html

JVN Vulnerability Information

Linux kernelにおける NULL ポインタデリファレンスに関する脆弱性

Title	Linux kernelにおける NULL ポインタデリファレンスに関する脆弱性
Summary	Linux kernelには、NULL ポインタデリファレンスに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 14, 2017, midnight
Registration Date	Nov. 9, 2017, 10:44 a.m.
Last Update	Nov. 9, 2017, 10:44 a.m.

Affected System

Linux

Linux Kernel 4.11.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-15274	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15274
National Vulnerability Database (NVD)
2	CVE-2017-15274	https://nvd.nist.gov/vuln/detail/CVE-2017-15274

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-476	http://cwe.mitre.org/data/definitions/476.html

ベンダー情報

No	Name	URL
Bugzilla
1	Bug 1045327	https://bugzilla.suse.com/show_bug.cgi?id=1045327
ChangeLog
2	ChangeLog-4.11.5	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5
GitHub
3	fix dereferencing NULL payload with nonzero length	https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5
Linux Kernel
4	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
5	fix dereferencing NULL payload with nonzero length	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5
Patchwork Linux network development
6	fix dereferencing NULL payload with nonzero length	https://patchwork.kernel.org/patch/9781573/

Change Log

No	Changed Details	Date of change
0	[2017年11月09日] 掲載	Feb. 17, 2018, 10:37 a.m.