The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vm_server | Oracle | 3.4 | 3.4 |
Vm_server | Oracle | 3.3 | 3.3 |