Bug 1637504 (CVE-2018-17977)

Summary: CVE-2018-17977 kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abhgupta, acaringi, airlied, allarkin, aquini, bhu, blc, brdeoliv, bskeggs, carnil, cye, dbaker, dbohanno, dhoward, dvlasenk, esandeen, ewk, fhrbata, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarod, jarodwilson, jfaracco, jforbes, jglisse, jkacur, joe.lawrence, john.j5live, jokerman, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, lzampier, matt, mchehab, mcressma, mjg59, mlangsdo, mleitner, mmilgram, nmurray, plougher, ptalbert, rparrazo, rrobaina, rt-maint, rvrbovsk, rysulliv, scweaver, security-response-team, slawomir, steved, sthangav, sukulkar, trankin, williams, wmealing, ycote, ykopkova, yozone, zhijwang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's handling of complex interactions between netlink, IP, and AH style packets which can enter a state where the used memory will not be freed. This can eventually use all memory and possibly crash userspace programs due to lack of available memory.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-20 21:18:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1637505    
Bug Blocks: 1637555    

Description Andrej Nemec 2018-10-09 11:26:50 UTC 
It was found that the Linux kernel mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang).

References:

https://seclists.org/oss-sec/2018/q4/15
Comment 1 Andrej Nemec 2018-10-09 11:28:27 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1637505]
Comment 6 Salvatore Bonaccorso 2019-05-27 20:27:55 UTC 
Hi

Before the files disapeared, was someone able to gather them?

Was this issue ever adressed upstream? Do you have more information on the fix for tracking the status?

Thanks already in advance if you can share more on it. I'm trying to determine the status for Debian in https://security-tracker.debian.org/tracker/CVE-2018-17977 for it.

Regards,
Salvatore
Comment 7 Wade Mealing 2019-05-28 06:30:22 UTC 
Salvatore , Emailed you a response.
Comment 8 Wade Mealing 2019-06-25 01:15:18 UTC 
Statement:

At this time this flaws reproduction environment is considered too extraordinary and will rarely be a feasable attack vector for most attackers.  The IPSEC connection between connected hosts is a somewhat privileged operation with a shared secret between systems,   Red Hat will unlikely fix this issue due to its significant setup complexity and unlikely configuration.
Comment 9 Product Security DevOps Team 2020-05-20 21:18:34 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-17977