Required CVE Record Information
Description
The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
References 4 Total
- openwall.com: [oss-security] 20140304 CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS mailing-list
- http://www.kernelhub.org/?msg=425013&p=2
- https://bugzilla.redhat.com/show_bug.cgi?id=1072419
- lkml.org: [linux-kernel] 20140227 kernel BUG at security/keys/keyring.c:1003! mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- openwall.com: [oss-security] 20140304 CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS mailing-listx_transferred
- http://www.kernelhub.org/?msg=425013&p=2 x_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=1072419 x_transferred
- lkml.org: [linux-kernel] 20140227 kernel BUG at security/keys/keyring.c:1003! mailing-listx_transferred