Use After Free Affecting kernel-bootwrapper package, versions <0:3.10.0-229.7.2.el7
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL7-KERNELBOOTWRAPPER-5069000
- published 26 Jul 2021
- disclosed 29 Dec 2014
Introduced: 29 Dec 2014
CVE-2014-9529 Open this link in a new tabHow to fix?
Upgrade RHEL:7
kernel-bootwrapper
to version 0:3.10.0-229.7.2.el7 or higher.
This issue was patched in RHSA-2015:1137
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-bootwrapper
package and not the kernel-bootwrapper
package as distributed by RHEL
.
See How to fix?
for RHEL:7
relevant fixed versions and status.
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
References
- http://www.securityfocus.com/bid/71880
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a3a8784454692dd72e5d5d34dcdab17b4420e74c
- https://bugzilla.redhat.com/show_bug.cgi?id=1179813
- https://github.com/torvalds/linux/commit/a3a8784454692dd72e5d5d34dcdab17b4420e74c
- https://access.redhat.com/security/cve/CVE-2014-9529
- http://www.debian.org/security/2015/dsa-3128
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
- http://www.openwall.com/lists/oss-security/2015/01/06/10
- http://rhn.redhat.com/errata/RHSA-2015-0864.html
- http://rhn.redhat.com/errata/RHSA-2015-1137.html
- http://rhn.redhat.com/errata/RHSA-2015-1138.html
- https://access.redhat.com/errata/RHSA-2015:1137
- http://www.securitytracker.com/id/1036763
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
- http://www.ubuntu.com/usn/USN-2511-1
- http://www.ubuntu.com/usn/USN-2512-1
- http://www.ubuntu.com/usn/USN-2513-1
- http://www.ubuntu.com/usn/USN-2514-1
- http://www.ubuntu.com/usn/USN-2515-1
- http://www.ubuntu.com/usn/USN-2516-1
- http://www.ubuntu.com/usn/USN-2517-1
- http://www.ubuntu.com/usn/USN-2518-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99641
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c