7.8
CVE-2017-16939
- EPSS 2.15%
- Veröffentlicht 24.11.2017 10:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.28 < 3.2.97
Linux ≫ Linux Kernel Version >= 3.3 < 3.16.52
Linux ≫ Linux Kernel Version >= 3.17 < 3.18.86
Linux ≫ Linux Kernel Version >= 3.19 < 4.1.48
Linux ≫ Linux Kernel Version >= 4.2 < 4.4.104
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.60
Linux ≫ Linux Kernel Version >= 4.10 < 4.13.11
Debian ≫ Debian Linux Version8.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.15% | 0.797 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://access.redhat.com/errata/RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1190
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
https://www.debian.org/security/2018/dsa-4082
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2
http://seclists.org/fulldisclosure/2017/Nov/40
http://www.securityfocus.com/bid/101954
https://access.redhat.com/errata/RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1355
https://blogs.securiteam.com/index.php/archives/3535
https://bugzilla.suse.com/show_bug.cgi?id=1069702
https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2