VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.
Advisory: CVE-2016-9604
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9604
CVSS severity score: 2.1/10.0
Description:
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.
This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Comment 1 by zsm@chromium.org
, Sep 12Labels: Security_Severity-Low Security_Impact-Stable Pri-3
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
Upstream fix is ee8f844e3 ("KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings"). This is present in v4.14, v4.4, v3.18. Marking as WontFix for older kernels due to low severity.