PT-2017-3585 · Linux+2 · Linux Kernel+2

Published: 2017-12-22 · Updated: 2023-02-07 · CVE-2017-18075

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.13
Description: The issue is caused by resource management errors in the Parallel Crypto Engine (crypto/pcrypt.c) subsystem of the Linux kernel. It can be exploited by executing a specially crafted sequence of system calls, potentially allowing an attacker to cause a denial of service or have other unspecified impact. A local user with access to the AF_ALG-based AEAD interface and pcrypt can exploit this issue.
Recommendations: Update Linux kernel versions prior to 4.14.13 to version 4.14.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the AF_ALG-based AEAD interface and pcrypt to minimize the risk of exploitation.

Fix

DoS

Related Identifiers

ALT-PU-2018-1021
ALT-PU-2018-1022
BDU:2018-00517
CVE-2017-18075
RHSA-2018:2948
SUSE-SU-2018:0568-1
SUSE-SU-2018:0572-1
SUSE-SU-2018:0573-1
SUSE-SU-2018:0574-1
SUSE-SU-2018:0575-1
SUSE-SU-2018:0576-1
SUSE-SU-2018:0577-1
SUSE-SU-2018:0578-1
SUSE-SU-2018:0579-1
SUSE-SU-2018:0582-1
SUSE-SU-2018:0584-1
SUSE-SU-2018:0586-1
SUSE-SU-2018:0590-1
SUSE-SU-2018:0591-1
SUSE-SU-2018:0592-1
SUSE-SU-2018:0593-1
SUSE-SU-2018:0594-1
SUSE-SU-2018:0595-1
SUSE-SU-2018:0596-1
SUSE-SU-2018:0597-1
USN-3619-1
USN-3619-2

Affected Products

Alt Linux
Linux Kernel
Ubuntu