Patch for CVE
The description states:
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Questions:
Since the root cause of this CVE is that __key_link_begin fails, and variable edit is uninitialized, the method to fix this problem is to detect such failure of __key_link_begin. From my knowledge, link_ret is the return value of __key_link_begin(), the patch adds one condition (link_ret == 0) to verify whether __key_link_begin fails or not.
I think it should not involve a race condition here. My guess is from the stack trace shown in the patch
Please refer to the answer of Question 1.
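An added example, not part of the original answer or the kernel source: a simplified userspace C model of the pattern described above, where a begin step can fail without writing its output pointer and the guard on link_ret == 0 keeps the later step from consuming it. The names link_begin, link_end, reject_and_link, edit_state and POISON are hypothetical stand-ins; only link_ret and edit come from the page, and which later step consumes edit is an assumption of the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

struct edit_state { int pending; };          /* hypothetical stand-in type */
/* Marker for "never written": models the indeterminate stack value. */
#define POISON ((struct edit_state *)(uintptr_t)0x5a5a5a5a)
static struct edit_state slot;

/* Models __key_link_begin(): on failure returns a negative errno and
 * leaves *out untouched, so the caller's pointer keeps its old value. */
static int link_begin(int fail, struct edit_state **out)
{
    if (fail)
        return -ENOMEM;
    slot.pending = 1;
    *out = &slot;
    return 0;
}

/* Models the step that consumes edit: -1 means it was handed the
 * never-written pointer (where the real code would crash). */
static int link_end(struct edit_state *e)
{
    if (e == POISON)
        return -1;
    e->pending = 0;
    return 0;
}

/* guard=0: consume edit whenever a keyring was given (unpatched shape).
 * guard=1: also require link_ret == 0 (patched shape).
 * Returns 1 if the never-written pointer was consumed, else 0. */
static int reject_and_link(int have_keyring, int begin_fails, int guard)
{
    struct edit_state *edit = POISON;        /* stays POISON if begin fails */
    int link_ret = 0;
    if (have_keyring)
        link_ret = link_begin(begin_fails, &edit);
    if (have_keyring && (!guard || link_ret == 0))
        return link_end(edit) != 0;
    return 0;
}

int main(void)
{
    printf("unguarded, begin fails: %d\n", reject_and_link(1, 1, 0));
    printf("guarded,   begin fails: %d\n", reject_and_link(1, 1, 1));
}
```

The model uses an explicit marker value instead of a truly uninitialized variable so that it stays well-defined C while still showing which path reaches the unwritten pointer.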