Vulnerability & Exploit Database

Back to search

Amazon Linux AMI: CVE-2017-12193: Security patch for kernel (ALAS-2017-925)

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) November 17, 2017 November 20, 2017 December 07, 2017

Description

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

amazon-linux-upgrade-kernel

Related Vulnerabilities