CVE-2017-18203

Опубликовано: 01 нояб. 2017

Источник: redhat

CVSS3: 4.7

Описание

The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.

The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the code with the flaw is not present in this product.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2018:1854	19.06.2018
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2018:0676	10.04.2018
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2018:1062	10.04.2018
Red Hat Enterprise Linux 7	kernel-alt	Fixed	RHSA-2019:4154	10.12.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-362->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1550811kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service

4.7 Medium

CVSS3