Lucene search

K
redhatcveRedhat.comRH:CVE-2017-17806
HistoryDec 21, 2017 - 2:49 p.m.

CVE-2017-17806

2017-12-2114:49:40
redhat.com
access.redhat.com
26

EPSS

0

Percentile

10.1%

The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.