PT-2017-12368 · Linux+3 · Linux Kernel+3

Bo Zhang

·

Publicado

2017-09-20

·

Atualizado

2024-06-15

·

CVE-2017-12153

CVSS v2.0

4.9

Média

VetorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.3
Description A security issue was found in the nl80211 set rekey data() function, which does not check for required attributes in a Netlink request. This request can be issued by a user with the CAP NET ADMIN capability, potentially resulting in a NULL pointer dereference and system crash.
Recommendations For Linux kernel versions prior to 4.13.3, consider updating to a version that includes the fix for this issue to prevent potential system crashes. As a temporary workaround, consider restricting the CAP NET ADMIN capability to minimize the risk of exploitation.

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2017-2337
ALT-PU-2017-2375
ALT-PU-2017-2378
ALT-PU-2017-2379
ALT-PU-2018-1991
CVE-2017-12153
DLA-1099-1
DSA-3981-1
MGASA-2017-0381
MGASA-2017-0383
MGASA-2017-0384
MGASA-2017-0386
MGASA-2017-0387
MGASA-2017-0388
OPENSUSE-SU-2017_2739-1
OPENSUSE-SU-2017_2741-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
SUSE-SU-2017:2847-1
SUSE-SU-2017:2869-1
SUSE-SU-2017:2908-1
SUSE-SU-2017:2920-1
SUSE-SU-2017:3267-1
USN-3469-1
USN-3469-2
USN-3487-1
USN-3583-1
USN-3583-2

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu