UBUNTU-CVE-2017-7472

Details

The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

Affected Packages(21 packages)

linux

Ubuntu 14.04 LTS

Fixed in:

3.13.0-132.181

linux-lts-xenial

Ubuntu 14.04 LTS

Fixed in:

4.4.0-79.100~14.04.1

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-79.100

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1018.27

linux-gke

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1014.14

linux-hwe

Ubuntu 16.04 LTS

Fixed in:

4.10.0-32.36~16.04.1

linux-raspi2

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1057.64

linux-snapdragon

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1059.63

linux-azure

Ubuntu 18.04 LTS

Affected versions:

4.15.0-1002.24.15.0-1003.34.15.0-1004.44.15.0-1008.84.15.0-1009.94.15.0-1012.124.15.0-1013.134.15.0-1014.144.15.0-1018.184.15.0-1019.19+34 more

linux-gcp

Ubuntu 18.04 LTS

Affected versions:

4.15.0-1001.14.15.0-1003.34.15.0-1005.54.15.0-1006.64.15.0-1008.84.15.0-1009.94.15.0-1010.104.15.0-1014.144.15.0-1015.154.15.0-1017.18+28 more

References

REPORT

https://lkml.org/lkml/2017/4/1/235

REPORT

https://lkml.org/lkml/2017/4/3/724

REPORT

https://ubuntu.com/security/CVE-2017-7472

ADVISORY

https://ubuntu.com/security/notices/USN-3312-1

ADVISORY

https://ubuntu.com/security/notices/USN-3312-2

ADVISORY

https://ubuntu.com/security/notices/USN-3314-1

ADVISORY

https://ubuntu.com/security/notices/USN-3361-1

ADVISORY

https://ubuntu.com/security/notices/USN-3422-1

ADVISORY

https://ubuntu.com/security/notices/USN-3422-2

REPORT

https://www.cve.org/CVERecord?id=CVE-2017-7472