An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.

References

bugzilla.redhat.com/show_bug.cgi?id=1479307

f5 1

seebug 1

packetstorm 1

nessus 57

suse 45

myhack58 1

openvas 49

ubuntucve 2

metasploit 1

veracode 1

exploitpack 2

redhat 4

hackerone 1

prion 1

debiancve 1

cve 1

exploitdb 3

mageia 6

cloudfoundry 1

ubuntu 6

virtuozzo 5

oraclelinux 2

centos 2

amazon 1

fedora 2

photon 2

K60250153 : Linux kernel vulnerability CVE-2017-1000112

2018-03-14 00:00:00

seebug

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch(CVE-2017-1000112)

2017-08-14 00:00:00

packetstorm

Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation

2018-08-03 00:00:00

nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2442-1)

2017-09-14 00:00:00

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2506-1)

2017-09-18 00:00:00

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2509-1)

2017-09-18 00:00:00

suse

Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 (important)

2017-09-14 12:09:22

Security update for Linux Kernel Live Patch 13 for SLE 12 SP1 (important)

2017-09-13 03:09:49

Security update for Linux Kernel Live Patch 9 for SLE 12 SP1 (important)

2017-09-13 17:21:59

myhack58

Struts 2 S2-053 flaws vulnerability bug thematic research with the POC-the exploit-warning-the black bar safety net

2017-09-17 00:00:00

openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1256)

2020-01-23 00:00:00

SUSE: Security Advisory (SUSE-SU-2017:2436-1)

2021-04-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2017:2423-1)

2021-04-19 00:00:00

ubuntucve

CVE-2017-1000112

2017-08-10 00:00:00

CVE-2017-1000

2017-12-31 00:00:00

metasploit

Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation

2018-04-18 00:39:59

veracode

Privilege Escalation

2019-05-02 06:37:27

exploitpack

Linux Kernel 4.4.0 4.8.0 (Ubuntu 14.0416.04 Linux Mint 1718 Zorin) - Local Privilege Escalation (KASLR SMEP)

2018-12-29 00:00:00

Linux Kernel 4.4.0-83 4.8.0-58 (Ubuntu 14.0416.04) - Local Privilege Escalation (KASLR SMEP)

2017-08-13 00:00:00

redhat

(RHSA-2019:1932) Important: kernel security update

2019-07-29 16:37:05

(RHSA-2019:1931) Important: kernel security and bug fix update

2019-07-29 16:36:12

(RHSA-2017:3200) Important: kernel security and bug fix update

2017-11-14 19:40:45

hackerone

Internet Bug Bounty: Linux kernel: CVE-2017-1000112: a memory corruption due to UFO to non-UFO path switch

2019-08-29 14:08:01

prion

Memory corruption

2017-10-05 01:29:00

debiancve

CVE-2017-1000112

2017-10-05 01:29:00

cve

CVE-2017-1000112

2017-10-05 01:29:00

exploitdb

Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)

2017-08-13 00:00:00

Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)

2018-12-29 00:00:00

Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit)

2018-08-03 00:00:00

mageia

Updated kernel packages fixes security and other bugs

2017-08-18 20:06:49

Updated kernel-tmb packages fixes security and other bugs

2017-08-20 11:48:42

Updated kernel-tmb packages fixes security and other bugs

2017-08-23 18:43:04

cloudfoundry

USN-3385-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2017-08-17 00:00:00

ubuntu

Linux kernel vulnerabilities

2017-08-11 00:00:00

Linux kernel (Trusty HWE) vulnerabilities

2017-08-11 00:00:00

Linux kernel (Xenial HWE) vulnerabilities

2017-08-11 00:00:00

virtuozzo

Important kernel security update: CVE-2017-1000111 and other; Virtuozzo ReadyKernel patch 29.0 for Virtuozzo 7.0.4 and 7.0.4 HF3

2017-08-17 00:00:00

Important kernel security update: CVE-2017-1000111 and other; Virtuozzo ReadyKernel patch 29.0 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3

2017-08-17 00:00:00

Important kernel security update: CVE-2017-1000111 and other; Virtuozzo ReadyKernel patch 29.1 for Virtuozzo 7.0.5

2017-08-18 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2017-10-24 00:00:00

kernel security and bug fix update

2017-11-15 00:00:00

centos

kernel, perf, python security update

2017-11-15 21:38:19

kernel, perf, python security update

2017-10-23 17:05:09

amazon

Critical: kernel

2017-08-10 16:31:00

fedora

[SECURITY] Fedora 26 Update: kernel-4.12.8-300.fc26

2017-08-24 03:52:29

[SECURITY] Fedora 25 Update: kernel-4.12.8-200.fc25

2017-08-23 06:09:57

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0029

2017-08-16 00:00:00

Important Photon OS Security Update - PHSA-2017-0062

2017-08-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for RH:CVE-2017-1000112