Bug 1539508 (CVE-2017-18075)
Summary: | CVE-2017-18075 kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | airlied, ajax, aquini, bhu, blc, bskeggs, dhoward, ewk, fhrbata, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jforbes, jglisse, jkacur, john.j5live, jonathan, josef, jross, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, rt-maint, rvrbovsk, skozina, slawomir, steved, vdronov, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 4.14.13 | Doc Type: | Bug Fix |
Doc Text: |
crypto/pcrypt.c in the Linux kernel, before 4.14.13, mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:38:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1546457, 1546458 | ||
Bug Blocks: | 1539509 |
Description
Sam Fowler
2018-01-29 04:52:19 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1546457] This was fixed for Fedora with the 4.14.13 stable updates. Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, its real-time kernel and Red Hat Enterprise MRG 2, as the code with the flaw is not enabled and is not built in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948 |