CVE-2017-1000111

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.

References

http://www.debian.org/security/2017/dsa-3981

http://www.securityfocus.com/bid/100267

http://www.securitytracker.com/id/1039132

https://access.redhat.com/errata/RHSA-2017:2918

https://access.redhat.com/errata/RHSA-2017:2930

https://access.redhat.com/errata/RHSA-2017:2931

https://access.redhat.com/errata/RHSA-2017:3200

https://access.redhat.com/security/cve/cve-2017-1000111

Details

Source: MITRE

Published: 2017-10-05

Updated: 2020-10-15

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.12.3 (inclusive)

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (46 total)

IDNameProductFamilySeverity
127425NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0152)NessusNewStart CGSL Local Security Checks
high
127146NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)NessusNewStart CGSL Local Security Checks
critical
124970EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1517)NessusHuawei Local Security Checks
high
124821EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)NessusHuawei Local Security Checks
high
108520Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)NessusJunos Local Security Checks
critical
106469OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)NessusOracleVM Local Security Checks
critical
105248OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)NessusOracleVM Local Security Checks
high
105247Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)NessusOracle Linux Local Security Checks
high
105147OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)NessusOracleVM Local Security Checks
high
105145Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)NessusOracle Linux Local Security Checks
high
105144Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)NessusOracle Linux Local Security Checks
high
104623Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20171115)NessusScientific Linux Local Security Checks
high
104617Oracle Linux 6 : kernel (ELSA-2017-3200)NessusOracle Linux Local Security Checks
high
104583CentOS 6 : kernel (CESA-2017:3200)NessusCentOS Local Security Checks
high
104566RHEL 6 : kernel (RHSA-2017:3200)NessusRed Hat Local Security Checks
high
104296EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1271)NessusHuawei Local Security Checks
high
104203OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0164)NessusOracleVM Local Security Checks
high
104169Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3633)NessusOracle Linux Local Security Checks
high
104168Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3632)NessusOracle Linux Local Security Checks
high
104106CentOS 7 : kernel (CESA-2017:2930)NessusCentOS Local Security Checks
high
104090RHEL 6 : MRG (RHSA-2017:2918)NessusRed Hat Local Security Checks
high
104088Oracle Linux 7 : kernel (ELSA-2017-2930-1) (BlueBorne)NessusOracle Linux Local Security Checks
high
104008Scientific Linux Security Update : kernel on SL7.x x86_64 (20171019)NessusScientific Linux Local Security Checks
high
104004RHEL 7 : kernel-rt (RHSA-2017:2931)NessusRed Hat Local Security Checks
high
104003RHEL 7 : kernel (RHSA-2017:2930)NessusRed Hat Local Security Checks
high
104001Oracle Linux 7 : kernel (ELSA-2017-2930)NessusOracle Linux Local Security Checks
high
103365Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)NessusDebian Local Security Checks
high
103363Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)NessusDebian Local Security Checks
high
102922Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-076)NessusVirtuozzo Local Security Checks
high
102838SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2286-1)NessusSuSE Local Security Checks
high
102718Fedora 25 : kernel (2017-73f71456d7)NessusFedora Local Security Checks
high
102717Fedora 26 : kernel (2017-4336d64e21)NessusFedora Local Security Checks
high
102593Virtuozzo 7 : readykernel-patch (VZA-2017-073)NessusVirtuozzo Local Security Checks
high
102592Virtuozzo 7 : readykernel-patch (VZA-2017-072)NessusVirtuozzo Local Security Checks
high
102591Virtuozzo 7 : readykernel-patch (VZA-2017-071)NessusVirtuozzo Local Security Checks
high
102510openSUSE Security Update : the Linux Kernel (openSUSE-2017-930)NessusSuSE Local Security Checks
high
102509openSUSE Security Update : the Linux Kernel (openSUSE-2017-929)NessusSuSE Local Security Checks
high
102478SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2150-1)NessusSuSE Local Security Checks
high
102475SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2142-1)NessusSuSE Local Security Checks
high
102422Ubuntu 14.04 LTS : linux vulnerabilities (USN-3386-1)NessusUbuntu Local Security Checks
high
102421Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3385-2)NessusUbuntu Local Security Checks
high
102420Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3385-1)NessusUbuntu Local Security Checks
high
102419Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3384-2)NessusUbuntu Local Security Checks
high
102418Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3384-1)NessusUbuntu Local Security Checks
high
102415SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2131-1)NessusSuSE Local Security Checks
high
102367Amazon Linux AMI : kernel (ALAS-2017-868)NessusAmazon Linux Local Security Checks
high