PT-2017-15012 · Linux+3 · Linux Kernel+3

Publicado

2017-12-20

·

Atualizado

2023-01-19

·

CVE-2017-17806

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.14.8
Description The HMAC implementation in the Linux kernel does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. This issue affects systems that use the AF ALG-based hash interface and the SHA-3 hash algorithm.
Recommendations For Linux kernel versions prior to 4.14.8, update to version 4.14.8 or later to resolve the issue. As a temporary workaround, consider disabling the use of the SHA-3 hash algorithm until a patch is available. Restrict access to the AF ALG-based hash interface to minimize the risk of exploitation. Avoid using the CONFIG CRYPTO USER API HASH and CONFIG CRYPTO SHA3 configurations in the affected kernel versions until the issue is resolved.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2017-2818
ALT-PU-2017-2819
CVE-2017-17806
DLA-1232-1
DSA-4073-1
DSA-4082-1
OPENSUSE-SU-2018_0022-1
OPENSUSE-SU-2018_0023-1
RHSA-2018:2948
SUSE-SU-2018:0010-1
SUSE-SU-2018:0011-1
SUSE-SU-2018:0012-1
SUSE-SU-2018:0040-1
SUSE-SU-2018:0180-1
SUSE-SU-2018:0213-1
SUSE-SU-2018:0437-1
SUSE-SU-2018:0525-1
USN-3583-1
USN-3583-2
USN-3617-1
USN-3617-2
USN-3617-3
USN-3619-1
USN-3619-2
USN-3632-1

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu