Bug 1414304 (CVE-2017-0386) - CVE-2017-0386 libnl: Privilege escalation due to insufficient data checks in nla_reserve and nla_put
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-0386
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1414305
Blocks: 1414309
 
Reported: 2017-01-18 09:32 UTC by Andrej Nemec
Modified: 2019-09-29 14:04 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-19 01:11:46 UTC



Description Andrej Nemec 2017-01-18 09:32:58 UTC
An elevation of privilege vulnerability in the libnl library could enable a
local malicious application to execute arbitrary code within the context of a
privileged process.

References:

https://android.googlesource.com/platform/external/libnl/+/f0b40192efd1af977564ed6335d42a8bbdaf650a
https://github.com/thom311/libnl/issues/124

Comment 1 Andrej Nemec 2017-01-18 09:33:24 UTC
Created libnl3 tracking bugs for this issue:

Affects: fedora-all [bug 1414305]

Comment 2 Doran Moppert 2017-01-19 01:05:07 UTC
This CVE seems to be specific to Android's usage of (its fork of) libnl, allowing calls into libnl to cross process (and therefore privilege) boundaries.

On Fedora and Enterprise Linux, libnl inherits the privilege domain of the process which opens it (through dynamic linking or dlopen()), like any other shared library. Thus, this does not represent a security vulnerability.

The same conclusion has been reached on the upstream ticket:

https://github.com/thom311/libnl/issues/124

