PT-2017-17563 · Linux+5 · Linux Kernel+5
Published: 2017-03-19 · Updated: 2023-02-10
CVE-2017-7184
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.10.6
Description
The issue allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability. This can be achieved through the xfrm_replay_verify_len function in net/xfrm/xfrm_user.c after an XFRM_MSG_NEWAE update, which does not validate certain size data. The vulnerability was demonstrated during a Pwn2Own competition at CanSecWest 2017.
Recommendations
For Linux kernel versions prior to 4.10.6, update to version 4.10.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CAP_NET_ADMIN capability to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu