CVE-2017-16939

HIGH

Description

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

http://seclists.org/fulldisclosure/2017/Nov/40

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11

http://www.securityfocus.com/bid/101954

https://access.redhat.com/errata/RHSA-2018:1318

https://access.redhat.com/errata/RHSA-2018:1355

https://access.redhat.com/errata/RHSA-2019:1170

https://access.redhat.com/errata/RHSA-2019:1190

https://blogs.securiteam.com/index.php/archives/3535

https://bugzilla.suse.com/show_bug.cgi?id=1069702

https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

https://www.debian.org/security/2018/dsa-4082

Details

Source: MITRE

Published: 2017-11-24

Updated: 2019-10-03

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (92 total)

IDNameProductFamilySeverity
127192NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0028)NessusNewStart CGSL Local Security Checks
high
127185NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0025)NessusNewStart CGSL Local Security Checks
high
125192RHEL 6 : MRG (RHSA-2019:1190) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusRed Hat Local Security Checks
high
125039RHEL 7 : kernel (RHSA-2019:1170) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusRed Hat Local Security Checks
high
124990EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1537)NessusHuawei Local Security Checks
high
124824EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1501)NessusHuawei Local Security Checks
high
121780Photon OS 1.0: Linux PHSA-2017-1.0-0093NessusPhotonOS Local Security Checks
high
121344SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0148-1) (Spectre)NessusSuSE Local Security Checks
high
111903Photon OS 1.0: Apr / Krb5 / Linux / Ncurses / Subversion PHSA-2017-1.0-0093 (deprecated)NessusPhotonOS Local Security Checks
high
110527Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4131)NessusOracle Linux Local Security Checks
high
110526OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)NessusOracleVM Local Security Checks
high
110245CentOS 7 : kernel (CESA-2018:1318)NessusCentOS Local Security Checks
high
110197Amazon Linux AMI : kernel (ALAS-2018-1023)NessusAmazon Linux Local Security Checks
high
110196Amazon Linux 2 : kernel (ALAS-2018-1023)NessusAmazon Linux Local Security Checks
high
109665Oracle Linux 7 : kernel (ELSA-2018-1318)NessusOracle Linux Local Security Checks
high
109644Scientific Linux Security Update : kernel on SL7.x x86_64 (20180508)NessusScientific Linux Local Security Checks
high
109642RHEL 7 : kernel-rt (RHSA-2018:1355)NessusRed Hat Local Security Checks
high
109633RHEL 7 : kernel (RHSA-2018:1318)NessusRed Hat Local Security Checks
high
108942RHEL 7 : kernel-alt (RHSA-2018:0654)NessusRed Hat Local Security Checks
high
106481SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0276-1)NessusSuSE Local Security Checks
high
106480SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0275-1)NessusSuSE Local Security Checks
high
106479SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0274-1)NessusSuSE Local Security Checks
high
106478SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0271-1)NessusSuSE Local Security Checks
high
106477SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0270-1)NessusSuSE Local Security Checks
high
106476SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0268-1)NessusSuSE Local Security Checks
high
106474SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0266-1)NessusSuSE Local Security Checks
high
106473SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0265-1)NessusSuSE Local Security Checks
high
106454SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0253-1)NessusSuSE Local Security Checks
high
106453SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0252-1)NessusSuSE Local Security Checks
high
106452SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0251-1)NessusSuSE Local Security Checks
high
106451SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0250-1)NessusSuSE Local Security Checks
high
106450SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0249-1)NessusSuSE Local Security Checks
high
106448SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0245-1)NessusSuSE Local Security Checks
high
106447SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0244-1)NessusSuSE Local Security Checks
high
106445SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0242-1)NessusSuSE Local Security Checks
high
106444SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0241-1)NessusSuSE Local Security Checks
high
106443SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0240-1)NessusSuSE Local Security Checks
high
106442SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0239-1)NessusSuSE Local Security Checks
high
106441SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0238-1)NessusSuSE Local Security Checks
high
106440SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0237-1)NessusSuSE Local Security Checks
high
106406EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1031)NessusHuawei Local Security Checks
critical
106167EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1026)NessusHuawei Local Security Checks
high
106052Virtuozzo 7 : readykernel-patch (VZA-2018-004)NessusVirtuozzo Local Security Checks
critical
105704Debian DSA-4082-1 : linux - security update (Meltdown)NessusDebian Local Security Checks
high
105685SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)NessusSuSE Local Security Checks
high
105575SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0011-1) (Meltdown) (Spectre)NessusSuSE Local Security Checks
high
105364openSUSE Security Update : the Linux Kernel (openSUSE-2017-1391) (Dirty COW)NessusSuSE Local Security Checks
high
105355Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws regression (USN-3509-4) (Dirty COW)NessusUbuntu Local Security Checks
high
105354Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2 regression (USN-3509-3) (Dirty COW)NessusUbuntu Local Security Checks
high
105352SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3340-1)NessusSuSE Local Security Checks
high
105351SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3338-1)NessusSuSE Local Security Checks
high
105350SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3337-1)NessusSuSE Local Security Checks
high
105349SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3336-1)NessusSuSE Local Security Checks
high
105348SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3332-1)NessusSuSE Local Security Checks
high
105344openSUSE Security Update : the Linux Kernel (openSUSE-2017-1390) (Dirty COW)NessusSuSE Local Security Checks
high
105324Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-114)NessusVirtuozzo Local Security Checks
high
105290SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3323-1)NessusSuSE Local Security Checks
high
105289SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3322-1)NessusSuSE Local Security Checks
high
105288SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3321-1)NessusSuSE Local Security Checks
high
105287SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3320-1)NessusSuSE Local Security Checks
high
105286SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3318-1)NessusSuSE Local Security Checks
high
105285SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3316-1)NessusSuSE Local Security Checks
high
105283SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3313-1)NessusSuSE Local Security Checks
high
105282SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3312-1)NessusSuSE Local Security Checks
high
105281SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3309-1)NessusSuSE Local Security Checks
high
105280SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3308-1)NessusSuSE Local Security Checks
high
105279SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3307-1)NessusSuSE Local Security Checks
high
105278SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3305-1)NessusSuSE Local Security Checks
high
105277SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3304-1)NessusSuSE Local Security Checks
high
105276SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3303-1)NessusSuSE Local Security Checks
high
105275SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3302-1)NessusSuSE Local Security Checks
high
105274SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3301-1)NessusSuSE Local Security Checks
high
105273SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3299-1)NessusSuSE Local Security Checks
high
105272SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3293-1)NessusSuSE Local Security Checks
high
105271SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3289-1)NessusSuSE Local Security Checks
high
105270SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3287-1)NessusSuSE Local Security Checks
high
105167Virtuozzo 7 : readykernel-patch (VZA-2017-111)NessusVirtuozzo Local Security Checks
high
105166Virtuozzo 7 : readykernel-patch (VZA-2017-110)NessusVirtuozzo Local Security Checks
high
105165Virtuozzo 7 : readykernel-patch (VZA-2017-109)NessusVirtuozzo Local Security Checks
high
105150SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3249-1) (Dirty COW)NessusSuSE Local Security Checks
high
105116Debian DLA-1200-1 : linux security update (KRACK)NessusDebian Local Security Checks
high
105107Ubuntu 16.04 LTS : linux-azure vulnerabilities (USN-3511-1) (Dirty COW)NessusUbuntu Local Security Checks
high
105106Ubuntu 14.04 LTS : linux vulnerabilities (USN-3510-1) (Dirty COW)NessusUbuntu Local Security Checks
high
105105Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3509-2) (Dirty COW)NessusUbuntu Local Security Checks
high
105104Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3509-1) (Dirty COW)NessusUbuntu Local Security Checks
high
105103Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3508-2) (Dirty COW)NessusUbuntu Local Security Checks
high
105102Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3508-1) (Dirty COW)NessusUbuntu Local Security Checks
high
105101Ubuntu 16.04 LTS : linux-gcp vulnerabilities (USN-3507-2) (Dirty COW)NessusUbuntu Local Security Checks
high
105100Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3507-1) (Dirty COW)NessusUbuntu Local Security Checks
high
105073SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3226-1) (Dirty COW)NessusSuSE Local Security Checks
high
105072SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3225-1) (Dirty COW)NessusSuSE Local Security Checks
high
105020SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3210-1) (Dirty COW)NessusSuSE Local Security Checks
high