PT-2017-12130 · Linux+4 · Linux Kernel+4

Published: 2017-07-24 · Updated: 2023-06-26 · CVE-2017-11600

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.12.3

Description
The issue is in net/xfrm/xfrm_policy.c in the Linux kernel. When CONFIG_XFRM_MIGRATE is enabled, the kernel does not properly validate the dir value of xfrm_userpolicy_id. Local users can exploit this via an XFRM_MSG_MIGRATE xfrm Netlink message, potentially leading to a denial of service due to out-of-bounds access or other unspecified impacts.

Recommendations
For Linux kernel versions prior to 4.12.3, update to version 4.12.3 or later to resolve the issue.
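
A host triage check for the two conditions named above (kernel older than 4.12.3 and CONFIG_XFRM_MIGRATE enabled), added here as an example and not part of the original advisory. The function names, verdict strings and the sample config are constructed for illustration; the usual config location /boot/config-$(uname -r) is an assumption about the host.

```shell
#!/bin/sh
# Added example: triage a host for exposure to CVE-2017-11600.
# Function names and verdict strings are hypothetical, not from any tool.
FIXED_VERSION="4.12.3"   # advisory: kernels prior to 4.12.3 are affected

# version_lt A B: succeed when dotted version A is older than B.
version_lt() {
    va=$1; vb=$2; old_ifs=$IFS; IFS=.
    set -- $va; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $vb; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]; return; fi
    if [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]; return; fi
    [ "$a3" -lt "$b3" ]
}

# assess RELEASE CONFIG_FILE: print a verdict for one host.
# RELEASE is `uname -r` output; CONFIG_FILE is the kernel build config
# (assumed location on most distributions: /boot/config-$(uname -r)).
assess() {
    upstream=${1%%[!0-9.]*}      # "4.9.0-3-amd64" -> "4.9.0"
    if [ ! -r "$2" ]; then
        echo "unknown: kernel config not readable"
        return
    fi
    if ! grep -q '^CONFIG_XFRM_MIGRATE=y' "$2"; then
        echo "not-exposed: CONFIG_XFRM_MIGRATE disabled"
    elif version_lt "$upstream" "$FIXED_VERSION"; then
        # Distribution kernels may carry the fix as a backport, so confirm
        # against the vendor advisory before concluding the host is affected.
        echo "potentially-affected: $upstream < $FIXED_VERSION with XFRM migrate enabled"
    else
        echo "fixed: $upstream >= $FIXED_VERSION"
    fi
}

# Constructed sample config (not from a real host) so the demo runs offline.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
printf '%s\n' 'CONFIG_XFRM=y' 'CONFIG_XFRM_MIGRATE=y' > "$sample_cfg"
assess "4.9.0-3-amd64" "$sample_cfg"
assess "4.12.3" "$sample_cfg"
```

On a real host, call `assess "$(uname -r)" "/boot/config-$(uname -r)"` and treat a "potentially-affected" verdict as a prompt to check the vendor advisory for that kernel package.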

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related identifiers

ALT-PU-2017-2169
ALT-PU-2017-2171
CESA-2018_1965
CVE-2017-11600
DLA-1099-1
DSA-3981-1
MGASA-2017-0342
MGASA-2017-0343
MGASA-2017-0344
MGASA-2017-0345
MGASA-2017-0346
MGASA-2017-0347
OPENSUSE-SU-2017_3358-1
OPENSUSE-SU-2017_3359-1
RHSA-2018:1965
RHSA-2018:2003
RHSA-2018_1965
RHSA-2018_2003
RHSA-2019:1170
RHSA-2019:1190
SUSE-SU-2017:3398-1
SUSE-SU-2017:3410-1
SUSE-SU-2018:0011-1
SUSE-SU-2018:0031-1
SUSE-SU-2018:0040-1
SUSE-SU-2018:0115-1
SUSE-SU-2018:0180-1
SUSE-SU-2018:0213-1
SUSE-SU-2018:2346-1
SUSE-SU-2018:2347-1
SUSE-SU-2018:2350-1
SUSE-SU-2018:2351-1
SUSE-SU-2018:2352-1
SUSE-SU-2018:2353-1
SUSE-SU-2018:2355-1
SUSE-SU-2018:2367-1
SUSE-SU-2018:2387-1
SUSE-SU-2018:2413-1
SUSE-SU-2018_2346-1
SUSE-SU-2018_2347-1
SUSE-SU-2018_2350-1
SUSE-SU-2018_2351-1
SUSE-SU-2018_2352-1
SUSE-SU-2018_2353-1
SUSE-SU-2018_2355-1
SUSE-SU-2018_2367-1

Affected products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE