PT-2017-10816 · Linux+5 · Linux Kernel+5

Andrey Konovalov · Published 2017-08-10 · Updated 2025-09-29 · CVE-2017-1000112

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version

Description: A memory corruption vulnerability caused by a switch from the UFO (UDP Fragmentation Offload) path to the non-UFO path. When a UFO packet is built with MSG_MORE, the append path can be switched from UFO to non-UFO between two send() calls. Memory corruption can then occur, particularly when the UFO packet length exceeds the MTU, resulting in an out-of-bounds write by skb_copy_and_csum_bits(). A similar issue is present in the IPv6 code. The bug was introduced on Oct 18, 2005.

Recommendations: For Linux kernel versions prior to the fixed version, consider applying a patch that fixes the memory corruption caused by the UFO to non-UFO path switch. As a temporary workaround, consider restricting the use of MSG_MORE when building UFO packets to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2017-2047
ALT-PU-2017-2048
CESA-2017_2930
CESA-2017_3200
CVE-2017-1000112
DSA-3981-1
ELSA-2017-2930
ELSA-2017-2930-1
ELSA-2017-3200
ELSA-2017-3631
MGASA-2017-0278
MGASA-2017-0279
MGASA-2017-0287
MGASA-2017-0288
MGASA-2017-0296
MGASA-2017-0309
OPENSUSE-SU-2017_2169-1
OPENSUSE-SU-2017_2171-1
RHSA-2017:2918
RHSA-2017:2930
RHSA-2017:2931
RHSA-2017:3200
RHSA-2017_2930
RHSA-2017_2931
RHSA-2017_3200
RHSA-2019:1931
RHSA-2019:1932
RHSA-2019:4159
RHSA-2019_1931
SUSE-SU-2017:2131-1
SUSE-SU-2017:2142-1
SUSE-SU-2017:2150-1
SUSE-SU-2017:2286-1
SUSE-SU-2017:2423-1
SUSE-SU-2017:2424-1
SUSE-SU-2017:2436-1
SUSE-SU-2017:2437-1
SUSE-SU-2017:2438-1
SUSE-SU-2017:2438-2
SUSE-SU-2017:2439-1
SUSE-SU-2017:2440-1
SUSE-SU-2017:2441-1
SUSE-SU-2017:2442-1
SUSE-SU-2017:2443-1
SUSE-SU-2017:2446-1
SUSE-SU-2017:2447-1
SUSE-SU-2017:2448-1
SUSE-SU-2017:2454-1
SUSE-SU-2017:2455-1
SUSE-SU-2017:2456-1
SUSE-SU-2017:2457-1
SUSE-SU-2017:2458-1
SUSE-SU-2017:2464-1
SUSE-SU-2017:2465-1
SUSE-SU-2017:2467-1
SUSE-SU-2017:2469-1
SUSE-SU-2017:2471-1
SUSE-SU-2017:2472-1
SUSE-SU-2017:2473-1
SUSE-SU-2017:2474-1
SUSE-SU-2017:2475-1
SUSE-SU-2017:2476-1
SUSE-SU-2017:2497-1
SUSE-SU-2017:2498-1
SUSE-SU-2017:2499-1
SUSE-SU-2017:2500-1
SUSE-SU-2017:2506-1
SUSE-SU-2017:2508-1
SUSE-SU-2017:2509-1
SUSE-SU-2017:2510-1
SUSE-SU-2017:2511-1
SUSE-SU-2017:2525-1
SUSE-SU-2017:2694-1
SUSE-SU-2017:2775-1
SUSE-SU-2017:2791-1
SUSE-SU-2017:2813-1
SUSE-SU-2017:2956-1
SUSE-SU-2017:3265-1
SUSE-SU-2017_2131-1
SUSE-SU-2017_2142-1
SUSE-SU-2017_2150-1
SUSE-SU-2017_2423-1
SUSE-SU-2017_2424-1
SUSE-SU-2017_2436-1
SUSE-SU-2017_2437-1
SUSE-SU-2017_2438-1
SUSE-SU-2017_2438-2
SUSE-SU-2017_2439-1
SUSE-SU-2017_2440-1
SUSE-SU-2017_2441-1
SUSE-SU-2017_2442-1
SUSE-SU-2017_2443-1
SUSE-SU-2017_2475-1
SUSE-SU-2017_2476-1
SUSE-SU-2017_2497-1
SUSE-SU-2017_2498-1
SUSE-SU-2017_2499-1
SUSE-SU-2017_2500-1
SUSE-SU-2017_2506-1
SUSE-SU-2017_2508-1
SUSE-SU-2017_2509-1
SUSE-SU-2017_2510-1
SUSE-SU-2017_2511-1
SUSE-SU-2017_2775-1
USN-3384-1
USN-3384-2
USN-3385-1
USN-3385-2
USN-3386-1
USN-3386-2

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu