PT-2017-3324 · Linux+5 · Linux Kernel+5

Mohamed Ghannam

·

Published

2017-10-23

·

Updated

2023-01-19

·

CVE-2017-16939

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.11
Description The issue is related to the XFRM dump policy implementation in the Linux kernel, which allows local users to gain privileges or cause a denial of service due to a use-after-free error. This can be achieved by using a crafted SO RCVBUF setsockopt system call in conjunction with XFRM MSG GETPOLICY Netlink messages. The problem is associated with the use of memory after it has been freed.
Recommendations For Linux kernel versions prior to 4.13.11, update to version 4.13.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the setsockopt system call with the SO RCVBUF option to minimize the risk of exploitation. Additionally, limiting access to XFRM MSG GETPOLICY Netlink messages can help reduce the vulnerability to this issue.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-416

Related Identifiers

ALT-PU-2017-2559
ALT-PU-2017-2561
BDU:2018-00089
CESA-2018_1318
CVE-2017-16939
DLA-1200-1
DSA-4082-1
MGASA-2017-0463
MGASA-2017-0466
MGASA-2017-0467
MGASA-2018-0062
MGASA-2018-0063
MGASA-2018-0064
OPENSUSE-SU-2017_3358-1
OPENSUSE-SU-2017_3359-1
RHSA-2018:0654
RHSA-2018:1318
RHSA-2018:1355
RHSA-2018_1318
RHSA-2018_1355
RHSA-2019:1170
RHSA-2019:1190
SUSE-SU-2017:3210-1
SUSE-SU-2017:3225-1
SUSE-SU-2017:3226-1
SUSE-SU-2017:3249-1
SUSE-SU-2017:3284-1
SUSE-SU-2017:3285-1
SUSE-SU-2017:3286-1
SUSE-SU-2017:3287-1
SUSE-SU-2017:3288-1
SUSE-SU-2017:3289-1
SUSE-SU-2017:3290-1
SUSE-SU-2017:3291-1
SUSE-SU-2017:3292-1
SUSE-SU-2017:3293-1
SUSE-SU-2017:3295-1
SUSE-SU-2017:3296-1
SUSE-SU-2017:3297-1
SUSE-SU-2017:3299-1
SUSE-SU-2017:3300-1
SUSE-SU-2017:3301-1
SUSE-SU-2017:3302-1
SUSE-SU-2017:3303-1
SUSE-SU-2017:3304-1
SUSE-SU-2017:3305-1
SUSE-SU-2017:3306-1
SUSE-SU-2017:3307-1
SUSE-SU-2017:3308-1
SUSE-SU-2017:3309-1
SUSE-SU-2017:3310-1
SUSE-SU-2017:3312-1
SUSE-SU-2017:3313-1
SUSE-SU-2017:3314-1
SUSE-SU-2017:3316-1
SUSE-SU-2017:3317-1
SUSE-SU-2017:3318-1
SUSE-SU-2017:3319-1
SUSE-SU-2017:3320-1
SUSE-SU-2017:3321-1
SUSE-SU-2017:3322-1
SUSE-SU-2017:3323-1
SUSE-SU-2017:3324-1
SUSE-SU-2017:3332-1
SUSE-SU-2017:3336-1
SUSE-SU-2017:3337-1
SUSE-SU-2017:3338-1
SUSE-SU-2017:3340-1
SUSE-SU-2017_3338-1
SUSE-SU-2018:0011-1
SUSE-SU-2018:0040-1
SUSE-SU-2018:0180-1
SUSE-SU-2018:0213-1
SUSE-SU-2018:0237-1
SUSE-SU-2018:0238-1
SUSE-SU-2018:0239-1
SUSE-SU-2018:0240-1
SUSE-SU-2018:0241-1
SUSE-SU-2018:0242-1
SUSE-SU-2018:0244-1
SUSE-SU-2018:0245-1
SUSE-SU-2018:0249-1
SUSE-SU-2018:0250-1
SUSE-SU-2018:0251-1
SUSE-SU-2018:0252-1
SUSE-SU-2018:0253-1
SUSE-SU-2018:0265-1
SUSE-SU-2018:0266-1
SUSE-SU-2018:0268-1
SUSE-SU-2018:0269-1
SUSE-SU-2018:0270-1
SUSE-SU-2018:0271-1
SUSE-SU-2018:0272-1
SUSE-SU-2018:0273-1
SUSE-SU-2018:0274-1
SUSE-SU-2018:0275-1
SUSE-SU-2018:0276-1
SUSE-SU-2018:0277-1
SUSE-SU-2018:0278-1
SUSE-SU-2018:0280-1
SUSE-SU-2018:0281-1
SUSE-SU-2018:0282-1
SUSE-SU-2018:0296-1
SUSE-SU-2018:0297-1
SUSE-SU-2018:0340-1
SUSE-SU-2018:0345-1
SUSE-SU-2018:0346-1
SUSE-SU-2018:0347-1
SUSE-SU-2019:0148-1
SUSE-SU-2019:0320-1
USN-3507-1
USN-3507-2
USN-3508-1
USN-3508-2
USN-3509-1
USN-3509-2
USN-3509-3
USN-3509-4
USN-3510-1
USN-3510-2
USN-3511-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu