Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-7184
HistoryMar 19, 2017 - 12:00 a.m.

CVE-2017-7184

2017-03-1900:00:00
ubuntu.com
ubuntu.com
25
linux kernel
xfrm_replay_verify_len
local users
root privileges
denial of service
cap_net_admin
pwn2own competition
cansecwest 2017
ubuntu 16.10
linux-image-* package

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.5%

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux
kernel through 4.10.6 does not validate certain size data after an
XFRM_MSG_NEWAE update, which allows local users to obtain root privileges
or cause a denial of service (heap-based out-of-bounds access) by
leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own
competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package
4.8.0.41.52.

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlinux< 3.2.0-125.168UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-115.162UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-71.92UNKNOWN
ubuntu16.10noarchlinux< 4.8.0-45.48UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1686.113UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1012.21UNKNOWN
ubuntu16.04noarchlinux-gke< 4.4.0-1009.9UNKNOWN
ubuntu16.04noarchlinux-hwe< 4.8.0-45.48~16.04.1UNKNOWN
ubuntu16.04noarchlinux-hwe-edge< 4.8.0-45.48~16.04.1UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-115.162~precise1UNKNOWN
Rows per page:
1-10 of 171

References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.5%