Vulnerability CVE-2017-15129


Published: 2018-01-09   Modified: 2018-01-10

Description:
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.

Type:

CWE-416

(Use After Free)

Vendor: Linux
Product: Linux kernel 
Version:
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.44
4.9.43
4.9.42
4.9.41
4.9.40
4.9.4
4.9.39
4.9.38
4.9.37
4.9.36
4.9.35
4.9.34
4.9.33
4.9.32
4.9.31
4.9.30
4.9.3
4.9.29
4.9.28
4.9.27
4.9.26
4.9.25
4.9.24
4.9.23
4.9.22
4.9.21
4.9.20
4.9.2
4.9.19
4.9.18
4.9.17
4.9.16
4.9.15
4.9.14
4.9.13
4.9.12
4.9.11
4.9.10
4.9.1
4.9
4.8.9
4.8.8
4.8.7
4.8.6
4.8.5
4.8.4
4.8.3
4.8.2
4.8.17
4.8.16
4.8.15
4.8.14
4.8.13
4.8.12
4.8.11
4.8.10
4.8.1
4.8
4.7.9
4.7.6
4.7.4
4.7.3
4.7
4.6.7
4.6.6
4.6.5
4.6.4
4.6.3
4.6.2
4.6.1
4.6
4.5.7
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.83
4.4.82
4.4.81
4.4.80
4.4.8
4.4.79
4.4.78
4.4.77
4.4.76
4.4.75
4.4.74
4.4.73
4.4.72
4.4.71
4.4.70
4.4.7
See more versions on NVD

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0
http://seclists.org/oss-sec/2018/q1/7
https://access.redhat.com/security/cve/CVE-2017-15129
https://bugzilla.redhat.com/show_bug.cgi?id=1531174
https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0
https://marc.info/?l=linux-netdev&m=151370451121029&w=2
https://marc.info/?t=151370468900001&r=1&w=2
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11

Related CVE
CVE-2017-16914
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP pa...
CVE-2017-16913
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a spec...
CVE-2017-16912
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
CVE-2017-16911
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
CVE-2018-6412
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.
CVE-2017-18079
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is va...
CVE-2018-5750
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree ...

Copyright 2018, cxsecurity.com

 

Back to Top