CVE-2017-16939

HIGH

Description

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

http://seclists.org/fulldisclosure/2017/Nov/40

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11

http://www.securityfocus.com/bid/101954

https://access.redhat.com/errata/RHSA-2018:1318

https://access.redhat.com/errata/RHSA-2018:1355

https://access.redhat.com/errata/RHSA-2019:1170

https://access.redhat.com/errata/RHSA-2019:1190

https://blogs.securiteam.com/index.php/archives/3535

https://bugzilla.suse.com/show_bug.cgi?id=1069702

https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

https://www.debian.org/security/2018/dsa-4082

Details

Source: MITRE

Published: 2017-11-24

Updated: 2019-05-14

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (92 total)

ID	Name	Product	Family	Severity
127192	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0028)	Nessus	NewStart CGSL Local Security Checks	high
127185	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0025)	Nessus	NewStart CGSL Local Security Checks	high
125192	RHEL 6 : MRG (RHSA-2019:1190) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Red Hat Local Security Checks	high
125039	RHEL 7 : kernel (RHSA-2019:1170) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Red Hat Local Security Checks	high
124990	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1537)	Nessus	Huawei Local Security Checks	high
124824	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1501)	Nessus	Huawei Local Security Checks	high
121780	Photon OS 1.0: Linux PHSA-2017-1.0-0093	Nessus	PhotonOS Local Security Checks	high
121344	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0148-1) (Spectre)	Nessus	SuSE Local Security Checks	high
111903	Photon OS 1.0: Apr / Krb5 / Linux / Ncurses / Subversion PHSA-2017-1.0-0093 (deprecated)	Nessus	PhotonOS Local Security Checks	high
110527	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4131)	Nessus	Oracle Linux Local Security Checks	high
110526	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)	Nessus	OracleVM Local Security Checks	high
110245	CentOS 7 : kernel (CESA-2018:1318)	Nessus	CentOS Local Security Checks	high
110197	Amazon Linux AMI : kernel (ALAS-2018-1023)	Nessus	Amazon Linux Local Security Checks	high
110196	Amazon Linux 2 : kernel (ALAS-2018-1023)	Nessus	Amazon Linux Local Security Checks	high
109665	Oracle Linux 7 : kernel (ELSA-2018-1318)	Nessus	Oracle Linux Local Security Checks	high
109644	Scientific Linux Security Update : kernel on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
109642	RHEL 7 : kernel-rt (RHSA-2018:1355)	Nessus	Red Hat Local Security Checks	high
109633	RHEL 7 : kernel (RHSA-2018:1318)	Nessus	Red Hat Local Security Checks	high
108942	RHEL 7 : kernel-alt (RHSA-2018:0654)	Nessus	Red Hat Local Security Checks	high
106481	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0276-1)	Nessus	SuSE Local Security Checks	high
106480	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0275-1)	Nessus	SuSE Local Security Checks	high
106479	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0274-1)	Nessus	SuSE Local Security Checks	high
106478	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0271-1)	Nessus	SuSE Local Security Checks	high
106477	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0270-1)	Nessus	SuSE Local Security Checks	high
106476	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0268-1)	Nessus	SuSE Local Security Checks	high
106474	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0266-1)	Nessus	SuSE Local Security Checks	high
106473	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0265-1)	Nessus	SuSE Local Security Checks	high
106454	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0253-1)	Nessus	SuSE Local Security Checks	high
106453	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0252-1)	Nessus	SuSE Local Security Checks	high
106452	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0251-1)	Nessus	SuSE Local Security Checks	high
106451	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0250-1)	Nessus	SuSE Local Security Checks	high
106450	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0249-1)	Nessus	SuSE Local Security Checks	high
106448	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0245-1)	Nessus	SuSE Local Security Checks	high
106447	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0244-1)	Nessus	SuSE Local Security Checks	high
106445	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0242-1)	Nessus	SuSE Local Security Checks	high
106444	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0241-1)	Nessus	SuSE Local Security Checks	high
106443	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0240-1)	Nessus	SuSE Local Security Checks	high
106442	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0239-1)	Nessus	SuSE Local Security Checks	high
106441	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0238-1)	Nessus	SuSE Local Security Checks	high
106440	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0237-1)	Nessus	SuSE Local Security Checks	high
106406	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1031)	Nessus	Huawei Local Security Checks	critical
106167	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1026)	Nessus	Huawei Local Security Checks	high
106052	Virtuozzo 7 : readykernel-patch (VZA-2018-004)	Nessus	Virtuozzo Local Security Checks	critical
105704	Debian DSA-4082-1 : linux - security update (Meltdown)	Nessus	Debian Local Security Checks	high
105685	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
105575	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0011-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
105364	openSUSE Security Update : the Linux Kernel (openSUSE-2017-1391) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105355	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws regression (USN-3509-4) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105354	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2 regression (USN-3509-3) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105352	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3340-1)	Nessus	SuSE Local Security Checks	high
105351	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3338-1)	Nessus	SuSE Local Security Checks	high
105350	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3337-1)	Nessus	SuSE Local Security Checks	high
105349	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3336-1)	Nessus	SuSE Local Security Checks	high
105348	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3332-1)	Nessus	SuSE Local Security Checks	high
105344	openSUSE Security Update : the Linux Kernel (openSUSE-2017-1390) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105324	Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-114)	Nessus	Virtuozzo Local Security Checks	high
105290	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3323-1)	Nessus	SuSE Local Security Checks	high
105289	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3322-1)	Nessus	SuSE Local Security Checks	high
105288	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3321-1)	Nessus	SuSE Local Security Checks	high
105287	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3320-1)	Nessus	SuSE Local Security Checks	high
105286	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3318-1)	Nessus	SuSE Local Security Checks	high
105285	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3316-1)	Nessus	SuSE Local Security Checks	high
105283	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3313-1)	Nessus	SuSE Local Security Checks	high
105282	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3312-1)	Nessus	SuSE Local Security Checks	high
105281	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3309-1)	Nessus	SuSE Local Security Checks	high
105280	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3308-1)	Nessus	SuSE Local Security Checks	high
105279	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3307-1)	Nessus	SuSE Local Security Checks	high
105278	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3305-1)	Nessus	SuSE Local Security Checks	high
105277	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3304-1)	Nessus	SuSE Local Security Checks	high
105276	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3303-1)	Nessus	SuSE Local Security Checks	high
105275	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3302-1)	Nessus	SuSE Local Security Checks	high
105274	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3301-1)	Nessus	SuSE Local Security Checks	high
105273	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3299-1)	Nessus	SuSE Local Security Checks	high
105272	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3293-1)	Nessus	SuSE Local Security Checks	high
105271	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3289-1)	Nessus	SuSE Local Security Checks	high
105270	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3287-1)	Nessus	SuSE Local Security Checks	high
105167	Virtuozzo 7 : readykernel-patch (VZA-2017-111)	Nessus	Virtuozzo Local Security Checks	high
105166	Virtuozzo 7 : readykernel-patch (VZA-2017-110)	Nessus	Virtuozzo Local Security Checks	high
105165	Virtuozzo 7 : readykernel-patch (VZA-2017-109)	Nessus	Virtuozzo Local Security Checks	high
105150	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3249-1) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105116	Debian DLA-1200-1 : linux security update (KRACK)	Nessus	Debian Local Security Checks	high
105107	Ubuntu 16.04 LTS : linux-azure vulnerabilities (USN-3511-1) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105106	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3510-1) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105105	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3509-2) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105104	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3509-1) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105103	Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3508-2) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105102	Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3508-1) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105101	Ubuntu 16.04 LTS : linux-gcp vulnerabilities (USN-3507-2) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105100	Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3507-1) (Dirty COW)	Nessus	Ubuntu Local Security Checks	high
105073	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3226-1) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105072	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3225-1) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105020	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3210-1) (Dirty COW)	Nessus	SuSE Local Security Checks	high