CVE-2017-12193

CVE-2017-12193

Vendor N/A
Product Linux kernel since 3.13 up to 4.14 (not including)
Weakness CWE-476
Published November 22, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.

Key dates

02Disclosure timeline

November 22, 2017 CVE published
August 5, 2024 Record updated