Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:keys: Fix UAF in key_put()Once a key's reference count has been reduced to 0, the garbage collectorthread may destroy it at any time and so key_put() is not allowed to touchthe key after that point. The most key_put() is normally allowed to do isto touch key_gc_work as that's a static global variable.However, in an effort to speed up the reclamation of quota, this is nowdone in key_put() once the key's usage is reduced to 0 - but now the codeis looking at the key after the deadline, which is forbidden.Fix this by using a flag to indicate that a key can be gc'd now rather thanlooking at the key's refcount in the garbage collector.
No PoCs from references.
- https://github.com/ejaz629/Prober-M1