David Howells

12 exploits, active since Nov 2009
CVE-2013-1792 (writeup available)
Linux Kernel < 3.8.2 - Race Condition
Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.
CVE-2015-1333 (writeup available)
Linux Kernel < 4.1.4 - DoS
Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.
CVE-2016-7914 (writeup available; severity MEDIUM)
Linux Kernel < 4.5.2 - NULL Pointer Dereference
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.
CVSS 5.5
CVE-2016-8650 (writeup available; severity MEDIUM)
Linux Kernel < 4.8.11 - DoS
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
CVSS 5.5
CVE-2016-9313 (writeup available; severity HIGH)
Linux Kernel < 4.8.7 - DoS
security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.
CVSS 7.8
CVE-2017-12193 (writeup available; severity MEDIUM)
Linux Kernel < 4.13.11 - DoS
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.
CVSS 5.5
CVE-2017-15274 (writeup available; severity MEDIUM)
Linux Kernel < 4.11.4 - NULL Pointer Dereference
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
CVSS 5.5
CVE-2017-15951 (writeup available; severity HIGH)
Linux Kernel < 4.4.95 - Improper Input Validation
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
CVSS 7.8
CVE-2017-17807 (writeup available; severity LOW)
Linux Kernel < 4.14.6 - Missing Authorization
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
CVSS 3.3
CVE-2022-2959 (writeup available; severity HIGH)
Linux Kernel < 5.10.120 - Race Condition
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVSS 7.0
CVE-2023-2006 (writeup available; severity HIGH)
Linux Kernel < 5.10.157 - Race Condition
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
CVSS 7.0
CVE-2009-3888 (Exploit-DB entry, C, stub)
Linux Kernel < 2.6.31.6 - DoS
The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.