The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_enterprise_real_time_extension | Suse | 12 | 12 |
Ubuntu_linux | Canonical | 14.04 | 14.04 |
Ubuntu_linux | Canonical | 12.04 | 12.04 |