CVE-2017-18270

In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.

From the Ubuntu Security Team

It was discovered that the keyring subsystem in the Linux kernel did not properly prevent a user from creating keyrings for other users. A local attacker could use this cause a denial of service or expose sensitive information.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	17.10 artful	Fixed 4.13.0-17.20
	16.04 LTS xenial	Fixed 4.4.0-98.121
	14.04 LTS trusty	Fixed 3.13.0-157.207
linux-aws	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	17.10 artful	Not in release
	16.04 LTS xenial	Fixed 4.4.0-1039.48
	14.04 LTS trusty	Not affected
linux-azure	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	17.10 artful	Not in release
	16.04 LTS xenial	Fixed 4.13.0-1005.7
	14.04 LTS trusty	Not affected
linux-azure-edge	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-euclid	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-flo	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-gcp	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	17.10 artful	Not in release
	16.04 LTS xenial	Fixed 4.13.0-1002.5
	14.04 LTS trusty	Not in release
linux-gke	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-goldfish	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-grouper	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-hwe	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	17.10 artful	Not in release
	16.04 LTS xenial	Fixed 4.13.0-26.29~16.04.2
	14.04 LTS trusty	Not in release
linux-hwe-edge	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	17.10 artful	Not in release
	16.04 LTS xenial	Fixed 4.13.0-26.29~16.04.2
	14.04 LTS trusty	Not in release
linux-kvm	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	17.10 artful	Not in release
	16.04 LTS xenial	Fixed 4.4.0-1009.14
	14.04 LTS trusty	Not in release
linux-lts-trusty	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-utopic	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-vivid	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-wily	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-xenial	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Fixed 4.4.0-98.121~14.04.1
linux-maguro	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-mako	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-manta	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-oem	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	17.10 artful	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-raspi2	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	17.10 artful	Fixed 4.13.0-1006.6
	16.04 LTS xenial	Fixed 4.4.0-1076.84
	14.04 LTS trusty	Not in release
linux-snapdragon	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	17.10 artful	Fixed 4.4.0-1078.83
	16.04 LTS xenial	Fixed 4.4.0-1078.83
	14.04 LTS trusty	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by 69664cf, fixed by 237bbd2

Severity score breakdown

Parameter	Value
Base score	7.1 · High
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-3754-1
Linux kernel vulnerabilities
24 August 2018