Home CVE Database CVE-2017-17807

CVE-2017-17807

Description

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task\'s default request-key keyring via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.

Priority: LOW
CVSS v3: 3.3
Publish Date: Dec 20, 2017
Related ID: --
CVSS v2: Low
Modified Date: Dec 20, 2017

Find out more about CVE-2017-17807 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

linux

Live chat
Online