Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2017-12193

Public on 2017-11-18
Modified on 2017-11-20
Description

A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. This affects the keyring key type and thus key addition and link creation operations may cause the kernel to panic.

Severity
Medium
See what this means
CVSS v3 Base Score
4.7
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2017-11-18 02:03 ALAS-2017-925

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv2 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C