Vulnerability CVE-2017-18075


Published: 2018-01-24

Description:
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.

Type:

CWE-399

(Resource Management Errors)

Vendor: Linux
Product: Linux kernel 
Version:
4.9.99
4.9.98
4.9.97
4.9.96
4.9.95
4.9.94
4.9.93
4.9.92
4.9.91
4.9.90
4.9.9
4.9.89
4.9.88
4.9.87
4.9.86
4.9.85
4.9.84
4.9.83
4.9.82
4.9.81
4.9.80
4.9.8
4.9.79
4.9.78
4.9.77
4.9.76
4.9.75
4.9.74
4.9.73
4.9.72
4.9.71
4.9.70
4.9.7
4.9.69
4.9.68
4.9.67
4.9.66
4.9.65
4.9.64
4.9.63
4.9.62
4.9.61
4.9.60
4.9.6
4.9.59
4.9.58
4.9.57
4.9.56
4.9.55
4.9.54
4.9.53
4.9.52
4.9.51
4.9.50
4.9.5
4.9.49
4.9.48
4.9.47
4.9.46
4.9.45
4.9.44
4.9.43
4.9.42
4.9.41
4.9.40
4.9.4
4.9.39
4.9.38
4.9.37
4.9.36
4.9.35
4.9.34
4.9.33
4.9.32
4.9.31
4.9.30
4.9.3
4.9.29
4.9.28
4.9.27
4.9.26
4.9.25
4.9.24
4.9.23
4.9.22
4.9.21
4.9.20
4.9.2
4.9.19
4.9.18
4.9.17
4.9.16
4.9.15
4.9.14
4.9.13
4.9.12
4.9.111
4.9.110
4.9.11
4.9.109
See more versions on NVD

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68
http://www.securityfocus.com/bid/102813
https://access.redhat.com/errata/RHSA-2018:2948
https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13

Related CVE
CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer over...
CVE-2018-10853
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process co...
CVE-2018-14625
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gath...
CVE-2018-16658
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds...
CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments...
CVE-2018-6555
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecifi...
CVE-2018-6554
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate ...

Copyright 2018, cxsecurity.com

 

Back to Top