PT-2017-10816 · Linux+5 · Linux Kernel+5

Andrey Konovalov · Published 2017-08-10 · Updated 2025-09-29 · CVE-2017-1000112

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the fixed version

Description

A memory corruption vulnerability caused by a switch from the UFO (UDP fragmentation offload) path to the non-UFO path. When a UFO packet is built with MSG_MORE, the append path can be switched from UFO to non-UFO between two send() calls. Memory corruption can then occur, particularly when the UFO packet length exceeds the MTU, leading to an out-of-bounds write by skb_copy_and_csum_bits(). A similar issue is present in the IPv6 code. The bug was introduced on Oct 18, 2005.

Recommendations

For Linux kernel versions prior to the fixed version, consider applying a patch that fixes the memory corruption caused by the UFO to non-UFO path switch. As a temporary workaround, consider restricting the use of MSG_MORE when building UFO packets to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Weakness Enumeration

Related identifiers

ALSA-2025_16880
ALT-PU-2017-2047
ALT-PU-2017-2048
CESA-2017_2930
CESA-2017_3200
CVE-2017-1000112
DSA-3981-1
ELSA-2017-2930
ELSA-2017-2930-1
ELSA-2017-3200
ELSA-2017-3631
MGASA-2017-0278
MGASA-2017-0279
MGASA-2017-0287
MGASA-2017-0288
MGASA-2017-0296
MGASA-2017-0309
OPENSUSE-SU-2017_2169-1
OPENSUSE-SU-2017_2171-1
RHSA-2017:2918
RHSA-2017:2930
RHSA-2017:2931
RHSA-2017:3200
RHSA-2017_2930
RHSA-2017_2931
RHSA-2017_3200
RHSA-2019:1931
RHSA-2019:1932
RHSA-2019:4159
RHSA-2019_1931
SUSE-SU-2017:2131-1
SUSE-SU-2017:2142-1
SUSE-SU-2017:2150-1
SUSE-SU-2017:2286-1
SUSE-SU-2017:2423-1
SUSE-SU-2017:2424-1
SUSE-SU-2017:2436-1
SUSE-SU-2017:2437-1
SUSE-SU-2017:2438-1
SUSE-SU-2017:2438-2
SUSE-SU-2017:2439-1
SUSE-SU-2017:2440-1
SUSE-SU-2017:2441-1
SUSE-SU-2017:2442-1
SUSE-SU-2017:2443-1
SUSE-SU-2017:2446-1
SUSE-SU-2017:2447-1
SUSE-SU-2017:2448-1
SUSE-SU-2017:2454-1
SUSE-SU-2017:2455-1
SUSE-SU-2017:2456-1
SUSE-SU-2017:2457-1
SUSE-SU-2017:2458-1
SUSE-SU-2017:2464-1
SUSE-SU-2017:2465-1
SUSE-SU-2017:2467-1
SUSE-SU-2017:2469-1
SUSE-SU-2017:2471-1
SUSE-SU-2017:2472-1
SUSE-SU-2017:2473-1
SUSE-SU-2017:2474-1
SUSE-SU-2017:2475-1
SUSE-SU-2017:2476-1
SUSE-SU-2017:2497-1
SUSE-SU-2017:2498-1
SUSE-SU-2017:2499-1
SUSE-SU-2017:2500-1
SUSE-SU-2017:2506-1
SUSE-SU-2017:2508-1
SUSE-SU-2017:2509-1
SUSE-SU-2017:2510-1
SUSE-SU-2017:2511-1
SUSE-SU-2017:2525-1
SUSE-SU-2017:2694-1
SUSE-SU-2017:2775-1
SUSE-SU-2017:2791-1
SUSE-SU-2017:2813-1
SUSE-SU-2017:2956-1
SUSE-SU-2017:3265-1
SUSE-SU-2017_2131-1
SUSE-SU-2017_2142-1
SUSE-SU-2017_2150-1
SUSE-SU-2017_2423-1
SUSE-SU-2017_2424-1
SUSE-SU-2017_2436-1
SUSE-SU-2017_2437-1
SUSE-SU-2017_2438-1
SUSE-SU-2017_2438-2
SUSE-SU-2017_2439-1
SUSE-SU-2017_2440-1
SUSE-SU-2017_2441-1
SUSE-SU-2017_2442-1
SUSE-SU-2017_2443-1
SUSE-SU-2017_2475-1
SUSE-SU-2017_2476-1
SUSE-SU-2017_2497-1
SUSE-SU-2017_2498-1
SUSE-SU-2017_2499-1
SUSE-SU-2017_2500-1
SUSE-SU-2017_2506-1
SUSE-SU-2017_2508-1
SUSE-SU-2017_2509-1
SUSE-SU-2017_2510-1
SUSE-SU-2017_2511-1
SUSE-SU-2017_2775-1
USN-3384-1
USN-3384-2
USN-3385-1
USN-3385-2
USN-3386-1
USN-3386-2

Affected products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu