The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the requestkey() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to constructgetdestkeyring() in security/keys/request_key.c.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17807.json"
[
{
"id": "CVE-2017-17807-71279dd7",
"target": {
"function": "construct_get_dest_keyring",
"file": "security/keys/request_key.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@4dca6ea1d9432052afb06baf2e3ae78188a4410b",
"digest": {
"function_hash": "325272098245645889547911323306450746149",
"length": 1242.0
},
"signature_type": "Function"
},
{
"id": "CVE-2017-17807-7a7672a4",
"target": {
"function": "construct_key_and_link",
"file": "security/keys/request_key.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@4dca6ea1d9432052afb06baf2e3ae78188a4410b",
"digest": {
"function_hash": "212724227044186400227069643077165405180",
"length": 962.0
},
"signature_type": "Function"
},
{
"id": "CVE-2017-17807-d6288745",
"target": {
"file": "security/keys/request_key.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@4dca6ea1d9432052afb06baf2e3ae78188a4410b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"22931372997670518227146341661353714576",
"183997778279809526193906023123086354493",
"155149349498909509000094946663105360216",
"199928940373023883827999898527063566344",
"10002182410766209477399516849963450792",
"220627629818683715569556235585318784170",
"253386963633893867438908495245393065014",
"257019211770820863538954552883209480797",
"126731186056999168945885028410957616330",
"303346444050268802807361509494410732978",
"143606263782760272890139938726001184161",
"88677906584917648730320569415387396267",
"30513758813853723575286172124862459249",
"316395332075111779573791748964036041989",
"126344714140519429505631400369445749669",
"202078138241380801218071086219976200418",
"223899933280285436188165695439172557524",
"285332807087254053125278709265173460504",
"36860445263020839863244372534235478699",
"38359327784041861689241047575441809509",
"250017760607189508290853733844126179144",
"281033000225627294054973400438741130218",
"112497422025965298469872924303609081517",
"331694390551403819953671605182369976940",
"326349170989441217015786103343058521767",
"178294603215092695503176638423271754596",
"266724478257522870180277535626108879083",
"48420680631368004226952964721467600157",
"33471764240696942018749123073017623659",
"226468343685532759172038036998855315118",
"57174773577839780902695937938292435367",
"208401567070696827652339255742822723267",
"50901966217987196771504630885539552435",
"136768783982178928452970637123324814610",
"282093565496416302157580192798143878531",
"286616967420243631179486136529945317621",
"33896451233092354361602320050106987510",
"280574988313621205177115071032841309890",
"113332644925007890930452694127827026435",
"237053128894546575199346450646639241650",
"251838978106685227549720928760009379236"
]
},
"signature_type": "Line"
}
]