Vulnerability CVE-2017-12153


Published: 2017-09-21   Modified: 2017-10-04

Description:
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.

Vendor: Linux
Product: Linux kernel 
Version: 4.13.3;

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://seclists.org/oss-sec/2017/q3/437
http://www.securityfocus.com/bid/100855
https://bugzilla.novell.com/show_bug.cgi?id=1058410
https://bugzilla.redhat.com/show_bug.cgi?id=1491046
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888
https://marc.info/?t=150525503100001&r=1&w=2

Related CVE
CVE-2017-14991
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
CVE-2017-14954
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted syst...
CVE-2017-12154
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allow...
CVE-2017-1000252
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
CVE-2015-5327
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
CVE-2017-12168
The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Re...
CVE-2017-14497
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified othe...
CVE-2017-14489
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.

Copyright 2017, cxsecurity.com

 

Back to Top