Lucene search

K
nvd[email protected]NVD:CVE-2017-7184
HistoryMar 19, 2017 - 6:59 p.m.

CVE-2017-7184

2017-03-1918:59:00
web.nvd.nist.gov
10

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

51.5%

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.

Affected configurations

Nvd
Node
linuxlinux_kernelMatch4.8
AND
canonicalubuntu_linuxMatch16.10
Node
linuxlinux_kernelRange<3.2.89
OR
linuxlinux_kernelRange3.3โ€“3.10.106
OR
linuxlinux_kernelRange3.11โ€“3.12.73
OR
linuxlinux_kernelRange3.13โ€“3.16.44
OR
linuxlinux_kernelRange3.17โ€“3.18.49
OR
linuxlinux_kernelRange3.19โ€“4.1.49
OR
linuxlinux_kernelRange4.2โ€“4.4.59
OR
linuxlinux_kernelRange4.5โ€“4.9.20
OR
linuxlinux_kernelRange4.10โ€“4.10.8
VendorProductVersionCPE
linuxlinux_kernel4.8cpe:2.3:o:linux:linux_kernel:4.8:*:*:*:*:*:*:*
canonicalubuntu_linux16.10cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

51.5%