1. CVE-Search
  2. CVE-2017-7184
ID CVE-2017-7184
Summary The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:4.8:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2017:2918
  • rhsa
    id RHSA-2017:2930
  • rhsa
    id RHSA-2017:2931
  • rhsa
    id RHSA-2019:4159
rpms
  • kernel-rt-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-debug-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-devel-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-doc-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-firmware-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-trace-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.5.2.rt56.592.el6rt
  • kernel-0:3.10.0-693.5.2.el7
  • kernel-abi-whitelists-0:3.10.0-693.5.2.el7
  • kernel-bootwrapper-0:3.10.0-693.5.2.el7
  • kernel-debug-0:3.10.0-693.5.2.el7
  • kernel-debug-debuginfo-0:3.10.0-693.5.2.el7
  • kernel-debug-devel-0:3.10.0-693.5.2.el7
  • kernel-debuginfo-0:3.10.0-693.5.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.5.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.5.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.5.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.5.2.el7
  • kernel-devel-0:3.10.0-693.5.2.el7
  • kernel-doc-0:3.10.0-693.5.2.el7
  • kernel-headers-0:3.10.0-693.5.2.el7
  • kernel-kdump-0:3.10.0-693.5.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.5.2.el7
  • kernel-kdump-devel-0:3.10.0-693.5.2.el7
  • kernel-tools-0:3.10.0-693.5.2.el7
  • kernel-tools-debuginfo-0:3.10.0-693.5.2.el7
  • kernel-tools-libs-0:3.10.0-693.5.2.el7
  • kernel-tools-libs-devel-0:3.10.0-693.5.2.el7
  • perf-0:3.10.0-693.5.2.el7
  • perf-debuginfo-0:3.10.0-693.5.2.el7
  • python-perf-0:3.10.0-693.5.2.el7
  • python-perf-debuginfo-0:3.10.0-693.5.2.el7
  • kernel-rt-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-debug-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-debug-devel-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-debug-kvm-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-debuginfo-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-devel-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-doc-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-kvm-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-trace-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-trace-devel-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-trace-kvm-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.5.2.rt56.626.el7
  • kernel-0:3.10.0-514.71.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.71.1.el7
  • kernel-bootwrapper-0:3.10.0-514.71.1.el7
  • kernel-debug-0:3.10.0-514.71.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.71.1.el7
  • kernel-debug-devel-0:3.10.0-514.71.1.el7
  • kernel-debuginfo-0:3.10.0-514.71.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.71.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.71.1.el7
  • kernel-devel-0:3.10.0-514.71.1.el7
  • kernel-doc-0:3.10.0-514.71.1.el7
  • kernel-headers-0:3.10.0-514.71.1.el7
  • kernel-tools-0:3.10.0-514.71.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.71.1.el7
  • kernel-tools-libs-0:3.10.0-514.71.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.71.1.el7
  • perf-0:3.10.0-514.71.1.el7
  • perf-debuginfo-0:3.10.0-514.71.1.el7
  • python-perf-0:3.10.0-514.71.1.el7
  • python-perf-debuginfo-0:3.10.0-514.71.1.el7
refmap via4
bid 97018
confirm
misc
sectrack 1038166
Last major update 03-10-2019 - 00:03
Published 19-03-2017 - 18:59
Last modified 03-10-2019 - 00:03
Back to Top