High severity7.0NVD Advisory· Published May 7, 2010· Updated Apr 29, 2026

CVE-2010-1437

Description

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.

Affected products

Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Linux/Kernel6 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <2.6.34
- cpe:2.3:o:linux:linux_kernel:2.6.34:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
SUSE S.A./Linux Enterprise High Availability Extension
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:-:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchwork.kernel.org/patch/94664/nvdBroken LinkPatch
marc.infonvdExploitMailing List
marc.infonvdExploitMailing List
bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingPatch
www.securityfocus.com/archive/1/516397/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/39719nvdBroken LinkThird Party AdvisoryVDB Entry
www.vmware.com/security/advisories/VMSA-2011-0003.htmlnvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/58254nvdThird Party AdvisoryVDB Entry
lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.htmlnvdMailing List
marc.infonvdMailing List
secunia.com/advisories/39830nvdBroken Link
secunia.com/advisories/40218nvdBroken Link
secunia.com/advisories/40645nvdBroken Link
secunia.com/advisories/43315nvdBroken Link
www.debian.org/security/2010/dsa-2053nvdMailing List
www.openwall.com/lists/oss-security/2010/04/27/2nvdMailing List
www.openwall.com/lists/oss-security/2010/04/28/2nvdMailing List
www.redhat.com/support/errata/RHSA-2010-0474.htmlnvdBroken Link
www.vupen.com/english/advisories/2010/1857nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715nvdBroken Link
patchwork.kernel.org/patch/94038/nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000