CVE-2017-7184: The XFRM processsing in the Linux kernel 16.10 allowed
local users to obtain root privileges or cause a denial of service
(heap-based out-of-bounds access) via an integer overflow, as
demonstrated during a Pwn2Own competition at CanSecWest 2017
(bsc#1030575).

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server for SAP12x86_64kgraft-patch-3_12_60-52_63-default-4< 2.1kgraft-patch-3_12_60-52_63-default-4-2.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS12x86_64kgraft-patch-3_12_60-52_63-default-4< 2.1kgraft-patch-3_12_60-52_63-default-4-2.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS12x86_64kgraft-patch-3_12_60-52_63-xen-4< 2.1kgraft-patch-3_12_60-52_63-xen-4-2.1.x86_64.rpm
SUSE Linux Enterprise Server for SAP12x86_64kgraft-patch-3_12_60-52_63-xen-4< 2.1kgraft-patch-3_12_60-52_63-xen-4-2.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server for SAP	12	x86_64	kgraft-patch-3_12_60-52_63-default-4	< 2.1	kgraft-patch-3_12_60-52_63-default-4-2.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS	12	x86_64	kgraft-patch-3_12_60-52_63-default-4	< 2.1	kgraft-patch-3_12_60-52_63-default-4-2.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS	12	x86_64	kgraft-patch-3_12_60-52_63-xen-4	< 2.1	kgraft-patch-3_12_60-52_63-xen-4-2.1.x86_64.rpm
SUSE Linux Enterprise Server for SAP	12	x86_64	kgraft-patch-3_12_60-52_63-xen-4	< 2.1	kgraft-patch-3_12_60-52_63-xen-4-2.1.x86_64.rpm

References

bugzilla.suse.com/1030575

veracode 1

nessus 47

suse 23

myhack58 1

openvas 15

mageia 3

virtuozzo 1

redhatcve 1

ibm 3

ubuntu 7

zdi 1

cloudfoundry 1

prion 1

ubuntucve 1

seebug 1

cve 1

debiancve 1

amazon 1

fedora 2

altlinux 1

googleprojectzero 1

photon 1

oraclelinux 6

redhat 4

centos 1

ics 1

osv 1

debian 1

androidsecurity 1

veracode

Privilege Escalation

2019-05-16 01:48:45

nessus

Ubuntu 16.04 LTS : Linux kernel vulnerability (USN-3249-1)

2017-03-30 00:00:00

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerability (USN-3251-2)

2017-03-30 00:00:00

Ubuntu 16.10 : linux, linux-raspi2 vulnerability (USN-3251-1)

2017-03-30 00:00:00

suse

Security update for Linux Kernel Live Patch 10 for SLE 12 SP1 (important)

2017-03-30 12:09:45

Security update for Linux Kernel Live Patch 5 for SLE 12 SP2 (important)

2017-03-30 12:17:06

Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 (important)

2017-03-30 12:13:19

myhack58

PWN2OWN 2017 the Linux kernel to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

2017-05-03 00:00:00

openvas

Ubuntu Update for linux-lts-trusty USN-3250-2

2017-03-30 00:00:00

Ubuntu Update for linux-lts-xenial USN-3249-2

2017-03-30 00:00:00

Ubuntu Update for linux USN-3250-1

2017-03-30 00:00:00

mageia

Updated kernel-tmb packages fixes security vulnerability

2017-03-31 23:28:10

Updated kernel packages fixes security vulnerability

2017-03-31 23:28:10

Updated kernel-linus packages fixes security vulnerability

2017-03-31 23:28:10

virtuozzo

Important kernel security update: Virtuozzo ReadyKernel patch 16.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)

2017-04-03 00:00:00

redhatcve

CVE-2017-7184

2019-10-10 22:06:22

ibm

Security Bulletin: A vulnerability in the Linux Kernel affects PowerKVM

2018-06-18 01:35:40

Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities

2018-07-25 14:37:35

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

2018-07-06 23:49:08

ubuntu

Linux kernel vulnerability

2017-03-29 00:00:00

Linux kernel (HWE) vulnerability

2017-03-30 00:00:00

Linux kernel vulnerability

2017-03-29 00:00:00

zdi

(Pwn2Own) Linux Kernel XFRM Out-Of-Bounds Access Privilege Escalation Vulnerability

2017-03-30 00:00:00

cloudfoundry

USN-3249-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry

2017-03-31 00:00:00

prion

Heap overflow

2017-03-19 18:59:00

ubuntucve

CVE-2017-7184

2017-03-19 00:00:00

seebug

kernel: Local privilege escalation in XFRM framework（CVE-2017-7184）

2017-03-30 00:00:00

cve

CVE-2017-7184

2017-03-19 18:59:00

debiancve

CVE-2017-7184

2017-03-19 18:59:00

amazon

Important: kernel

2017-03-29 17:59:00

fedora

[SECURITY] Fedora 25 Update: kernel-4.10.8-200.fc25

2017-04-03 22:55:05

[SECURITY] Fedora 24 Update: kernel-4.10.8-100.fc24

2017-04-03 22:21:30

altlinux

Security fix for the ALT Linux 7 package kernel-image-un-def version 1:4.1.49-alt0.M70P.1

2018-01-25 00:00:00

googleprojectzero

Exploiting the Linux kernel via packet sockets

2017-05-10 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0011

2017-04-14 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2017-04-13 00:00:00

kernel security and bug fix update

2017-10-19 00:00:00

kernel security and bug fix update

2017-10-20 00:00:00

redhat

(RHSA-2019:4159) Important: kernel security and bug fix update

2019-12-10 10:11:44

(RHSA-2017:2931) Important: kernel-rt security and bug fix update

2017-10-19 13:19:05

(RHSA-2017:2930) Important: kernel security and bug fix update

2017-10-19 13:19:00

centos

kernel, perf, python security update

2017-10-23 17:05:09

ics

Mobile Industrial Robots Vehicles and MiR Fleet Software

2021-10-07 12:00:00

osv

linux - security update

2017-04-28 00:00:00

debian

[SECURITY] [DLA 922-1] linux security update

2017-04-28 12:39:18

androidsecurity

Android Security Bulletin—May 2017

2017-05-01 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for SUSE-SU-2017:0888-1