Описание
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.10.0-19.21 |
| devel | not-affected | 4.13.0-16.19 |
| esm-infra-legacy/trusty | not-affected | 3.13.0-115.162 |
| esm-infra/xenial | not-affected | 4.4.0-71.92 |
| precise | released | 3.2.0-125.168 |
| precise/esm | not-affected | 3.2.0-125.168 |
| trusty | released | 3.13.0-115.162 |
| trusty/esm | not-affected | 3.13.0-115.162 |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | released | 3.2.0-1686.113 |
| precise/esm | DNE | precise was released [3.2.0-1686.113] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 4.4.0-1002.2 |
| esm-infra/xenial | not-affected | 4.4.0-1012.21 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | not-affected | 4.4.0-1002.2 |
| trusty/esm | not-affected | 4.4.0-1002.2 |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 4.15.0-1023.24~14.04.1 |
| esm-infra/xenial | not-affected | 4.11.0-1009.9 |
| precise/esm | DNE | |
| trusty | not-affected | 4.15.0-1023.24~14.04.1 |
| trusty/esm | not-affected | 4.15.0-1023.24~14.04.1 |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | 4.4.0-9019.20 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 4.10.0-1004.4 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | 4.10.0-1004.4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 4.8.0-45.48~16.04.1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 4.8.0-45.48~16.04.1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 4.4.0-1004.9 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | 4.4.0-1004.9 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was ignored [abandoned] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was ignored [abandoned] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was ignored [abandoned] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | ignored | end of life, was ignored |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | ignored | end of life, was ignored |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | ignored | end of life, was ignored |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | released | 3.13.0-115.162~precise1 |
| precise/esm | not-affected | 3.13.0-115.162~precise1 |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [end of standard support]] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was ignored [end of standard support] |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was ignored [end of life, was needed] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support, was needed |
| trusty/esm | ignored | end of life, was needed |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [end of standard support]] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was ignored [end of standard support] |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 4.4.0-71.92~14.04.1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | released | 4.4.0-71.92~14.04.1 |
| trusty/esm | not-affected | 4.4.0-71.92~14.04.1 |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| xenial | not-affected | 4.13.0-1008.9 |
| zesty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was ignored [abandoned] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.10.0-1004.6 |
| devel | not-affected | 4.13.0-1005.5 |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.4.0-1055.59 |
| devel | not-affected | 4.4.0-1077.82 |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | released | 3.2.0-1503.130 |
| precise/esm | DNE | precise was released [3.2.0-1503.130] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.11~rc5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
Ссылки на источники
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Lin ...
Security update for Linux Kernel Live Patch 16 for SLE 12
Security update for Linux Kernel Live Patch 18 for SLE 12
EPSS
7.2 High
CVSS2
7.8 High
CVSS3