Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.
Software | From | Fixed in |
---|---|---|
debian / debian_linux | 5.0 | 5.0.x |
linux / linux_kernel | - | 2.6.34 |
linux / linux_kernel | 2.6.34-rc1 | 2.6.34-rc1.x |
linux / linux_kernel | 2.6.34-rc2 | 2.6.34-rc2.x |
linux / linux_kernel | 2.6.34-rc3 | 2.6.34-rc3.x |
linux / linux_kernel | 2.6.34-rc4 | 2.6.34-rc4.x |
linux / linux_kernel | 2.6.34-rc5 | 2.6.34-rc5.x |
opensuse / opensuse | 11.1 | 11.1.x |
suse / linux_enterprise_desktop | 11 | 11.x |
suse / linux_enterprise_server | 11 | 11.x |
suse / linux_enterprise_high_availability_extension | 11 | 11.x |