CVE-2017-18509high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
References
https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745
https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
https://lists.openwall.net/netdev/2017/12/04/40
https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32
https://seclists.org/bugtraq/2019/Aug/26
https://support.f5.com/csp/article/K41582535
https://support.f5.com/csp/article/K41582535?utm_source=f5support&utm_medium=RSS
Details
Source: MITRE
Published: 2019-08-13
Updated: 2020-11-09
Type: CWE-20
Risk Information
CVSS v2
Base Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.9
Severity: HIGH
CVSS v3
Base Score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150533 | SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14218-1) | Nessus | SuSE Local Security Checks | critical |
| 132134 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599) | Nessus | Huawei Local Security Checks | high |
| 131845 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353) | Nessus | Huawei Local Security Checks | critical |
| 131209 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4855) | Nessus | Oracle Linux Local Security Checks | medium |
| 131120 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1) | Nessus | SuSE Local Security Checks | critical |
| 130950 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic) | Nessus | SuSE Local Security Checks | critical |
| 130949 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1) | Nessus | SuSE Local Security Checks | critical |
| 129491 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4145-1) | Nessus | Ubuntu Local Security Checks | critical |
| 127921 | Debian DLA-1885-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | high |
| 127882 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01) | Nessus | Slackware Local Security Checks | high |
| 127867 | Debian DSA-4497-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 127866 | Debian DLA-1884-1 : linux security update | Nessus | Debian Local Security Checks | high |