PT-2017-3324 · Linux+5 · Linux Kernel+5

Mohamed Ghannam

·

Publicado

2017-10-23

·

Atualizado

2023-01-19

·

CVE-2017-16939

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.11
Description The issue is related to the XFRM dump policy implementation in the Linux kernel, which allows local users to gain privileges or cause a denial of service due to a use-after-free error. This can be achieved by using a crafted SO RCVBUF setsockopt system call in conjunction with XFRM MSG GETPOLICY Netlink messages. The problem is associated with the use of memory after it has been freed.
Recommendations For Linux kernel versions prior to 4.13.11, update to version 4.13.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the setsockopt system call with the SO RCVBUF option to minimize the risk of exploitation. Additionally, limiting access to XFRM MSG GETPOLICY Netlink messages can help reduce the vulnerability to this issue.

Exploit

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-416

Identificadores relacionados

ALT-PU-2017-2559
ALT-PU-2017-2561
BDU:2018-00089
CESA-2018_1318
CVE-2017-16939
DLA-1200-1
DSA-4082-1
MGASA-2017-0463
MGASA-2017-0466
MGASA-2017-0467
MGASA-2018-0062
MGASA-2018-0063
MGASA-2018-0064
OPENSUSE-SU-2017_3358-1
OPENSUSE-SU-2017_3359-1
RHSA-2018:0654
RHSA-2018:1318
RHSA-2018:1355
RHSA-2018_1318
RHSA-2018_1355
RHSA-2019:1170
RHSA-2019:1190
SUSE-SU-2017:3210-1
SUSE-SU-2017:3225-1
SUSE-SU-2017:3226-1
SUSE-SU-2017:3249-1
SUSE-SU-2017:3284-1
SUSE-SU-2017:3285-1
SUSE-SU-2017:3286-1
SUSE-SU-2017:3287-1
SUSE-SU-2017:3288-1
SUSE-SU-2017:3289-1
SUSE-SU-2017:3290-1
SUSE-SU-2017:3291-1
SUSE-SU-2017:3292-1
SUSE-SU-2017:3293-1
SUSE-SU-2017:3295-1
SUSE-SU-2017:3296-1
SUSE-SU-2017:3297-1
SUSE-SU-2017:3299-1
SUSE-SU-2017:3300-1
SUSE-SU-2017:3301-1
SUSE-SU-2017:3302-1
SUSE-SU-2017:3303-1
SUSE-SU-2017:3304-1
SUSE-SU-2017:3305-1
SUSE-SU-2017:3306-1
SUSE-SU-2017:3307-1
SUSE-SU-2017:3308-1
SUSE-SU-2017:3309-1
SUSE-SU-2017:3310-1
SUSE-SU-2017:3312-1
SUSE-SU-2017:3313-1
SUSE-SU-2017:3314-1
SUSE-SU-2017:3316-1
SUSE-SU-2017:3317-1
SUSE-SU-2017:3318-1
SUSE-SU-2017:3319-1
SUSE-SU-2017:3320-1
SUSE-SU-2017:3321-1
SUSE-SU-2017:3322-1
SUSE-SU-2017:3323-1
SUSE-SU-2017:3324-1
SUSE-SU-2017:3332-1
SUSE-SU-2017:3336-1
SUSE-SU-2017:3337-1
SUSE-SU-2017:3338-1
SUSE-SU-2017:3340-1
SUSE-SU-2017_3338-1
SUSE-SU-2018:0011-1
SUSE-SU-2018:0040-1
SUSE-SU-2018:0180-1
SUSE-SU-2018:0213-1
SUSE-SU-2018:0237-1
SUSE-SU-2018:0238-1
SUSE-SU-2018:0239-1
SUSE-SU-2018:0240-1
SUSE-SU-2018:0241-1
SUSE-SU-2018:0242-1
SUSE-SU-2018:0244-1
SUSE-SU-2018:0245-1
SUSE-SU-2018:0249-1
SUSE-SU-2018:0250-1
SUSE-SU-2018:0251-1
SUSE-SU-2018:0252-1
SUSE-SU-2018:0253-1
SUSE-SU-2018:0265-1
SUSE-SU-2018:0266-1
SUSE-SU-2018:0268-1
SUSE-SU-2018:0269-1
SUSE-SU-2018:0270-1
SUSE-SU-2018:0271-1
SUSE-SU-2018:0272-1
SUSE-SU-2018:0273-1
SUSE-SU-2018:0274-1
SUSE-SU-2018:0275-1
SUSE-SU-2018:0276-1
SUSE-SU-2018:0277-1
SUSE-SU-2018:0278-1
SUSE-SU-2018:0280-1
SUSE-SU-2018:0281-1
SUSE-SU-2018:0282-1
SUSE-SU-2018:0296-1
SUSE-SU-2018:0297-1
SUSE-SU-2018:0340-1
SUSE-SU-2018:0345-1
SUSE-SU-2018:0346-1
SUSE-SU-2018:0347-1
SUSE-SU-2019:0148-1
SUSE-SU-2019:0320-1
USN-3507-1
USN-3507-2
USN-3508-1
USN-3508-2
USN-3509-1
USN-3509-2
USN-3509-3
USN-3509-4
USN-3510-1
USN-3510-2
USN-3511-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu