Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1430347 - (CVE-2016-10200) CVE-2016-10200 kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature
CVE-2016-10200 kernel: l2tp: Race condition in the L2TPv3 IP encapsulation fe...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20161118,repo...
: Security
Depends On: 1441557 1441553 1441554 1441555 1441556
Blocks: 1430348
  Show dependency treegraph
 
Reported: 2017-03-08 07:25 EST by Andrej Nemec
Modified: 2018-08-28 18:14 EDT (History)
34 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1842 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2017-08-01 14:22:09 EDT
Red Hat Product Errata RHSA-2017:2077 normal SHIPPED_LIVE Important: kernel-rt security, bug fix, and enhancement update 2017-08-01 14:13:37 EDT
Red Hat Product Errata RHSA-2017:2437 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-08-08 16:14:23 EDT
Red Hat Product Errata RHSA-2017:2444 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-08-08 18:50:57 EDT

  None (edit)
Description Andrej Nemec 2017-03-08 07:25:20 EST 
A flaw was found on the linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.

Upstream patch:

https://github.com/torvalds/linux/commit/32c231164b76

Follow-up upstream patches:

https://github.com/torvalds/linux/commit/0382a25af3c7
https://github.com/torvalds/linux/commit/a3c18422a4b4
https://github.com/torvalds/linux/commit/d5e3a190937a
https://github.com/torvalds/linux/commit/df90e6886146
https://github.com/torvalds/linux/commit/31e2f21fb35b

Merge commit of the above series:

https://github.com/torvalds/linux/commit/7752f72748db

Another follow-up upstream patch:

https://github.com/torvalds/linux/commit/94d7ee0baa8b

References:

https://source.android.com/security/bulletin/2017-03-01.html
Comment 5 Adam Mariš 2017-04-18 02:42:46 EDT 
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.
Comment 8 errata-xmlrpc 2017-08-01 15:13:51 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077
Comment 9 errata-xmlrpc 2017-08-02 03:54:00 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842
Comment 10 errata-xmlrpc 2017-08-08 12:21:06 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2017:2437 https://access.redhat.com/errata/RHSA-2017:2437
Comment 11 errata-xmlrpc 2017-08-08 14:58:16 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2017:2444 https://access.redhat.com/errata/RHSA-2017:2444
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.