Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16939

Опубликовано: 24 нояб. 2017
Источник: redhat
CVSS3: 8.1
CVSS2: 6.2
EPSS Низкий

Описание

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system.

Отчет

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2018:135508.05.2018
Red Hat Enterprise Linux 7kernel-altFixedRHSA-2018:065410.04.2018
Red Hat Enterprise Linux 7kernelFixedRHSA-2018:131808.05.2018
Red Hat Enterprise Linux 7.4 Extended Update SupportkernelFixedRHSA-2019:117014.05.2019
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2019:119014.05.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1517220Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation

EPSS

Процентиль: 92%
0.08986
Низкий

8.1 High

CVSS3

6.2 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-16939

CVSS3: 7.8
ubuntu
больше 7 лет назад

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

nvd логотип

CVE-2017-16939

CVSS3: 7.8
nvd
больше 7 лет назад

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

debian логотип

CVE-2017-16939

CVSS3: 7.8
debian
больше 7 лет назад

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Lin ...

suse-cvrf логотип

SUSE-SU-2017:3338-1

suse-cvrf
больше 7 лет назад

Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1)

github логотип

GHSA-87xr-wmm8-4mx3

CVSS3: 7.8
github
около 3 лет назад

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

EPSS

Процентиль: 92%
0.08986
Низкий

8.1 High

CVSS3

6.2 Medium

CVSS2