CVE-2015-7550

Impact: Moderate
Public Date: 2015-12-10
CWE: CWE-476
Bugzilla: 1291197: CVE-2015-7550 kernel: User triggerable crash from race between key read and key revoke

A NULL-pointer dereference flaw was found in the kernel, caused by a race between revoking a user-type key and reading from it. An unprivileged user with a local account could trigger the issue and crash the kernel (denial of service).

Find out more about CVE-2015-7550 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7 and may be addressed in a future update.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 4.6
Base Metrics AV:L/AC:L/Au:S/C:N/I:N/A:C
Access Vector Local
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform                      Package           State
Red Hat Enterprise MRG 2      realtime-kernel   Will not fix
Red Hat Enterprise Linux 7    kernel-rt         Will not fix
Red Hat Enterprise Linux 7    kernel            Will not fix
Red Hat Enterprise Linux 6    kernel            Will not fix
Red Hat Enterprise Linux 5    kernel            Will not fix

Acknowledgements

Red Hat would like to thank Dmitry Vyukov of Google for reporting this issue.
