VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.
Advisory: CVE-2017-17807
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-17807
CVSS severity score: 2.1/10.0
Description:
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Comment 1 by groeck@chromium.org
, Jan 9 2018Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)
Upstream 4dca6ea1d94320 ("KEYS: add missing permission check for request_key() destination"). Already fixed in chromeos-4.4 and chromeos-4.14 with stable release merges. May fix in chromeos-3.18. No plan to push into stable releases due to low severity.