1436629 – (CVE-2017-7277) CVE-2017-7277 kernel: Mishandling SCM_TIMESTAMPING_OPT_STATS feature causes out-of-bounds read

Bug 1436629 (CVE-2017-7277) - CVE-2017-7277 kernel: Mishandling SCM_TIMESTAMPING_OPT_STATS feature causes out-of-bounds read

Summary: CVE-2017-7277 kernel: Mishandling SCM_TIMESTAMPING_OPT_STATS feature causes o...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2017-7277
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1436661 1442032
Blocks:	1436633
TreeView+	depends on / blocked

Reported:	2017-03-28 10:57 UTC by Adam Mariš
Modified:	2021-02-17 02:24 UTC (History)
CC List:	33 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.
Clone Of:
Environment:
Last Closed:	2017-04-13 11:21:03 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2017:3163	0	normal	SHIPPED_LIVE	new packages: kernel-alt	2017-11-09 14:59:25 UTC

Description Adam Mariš 2017-03-28 10:57:59 UTC

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.

Reference:

https://lkml.org/lkml/2017/3/15/485

Upstream patches:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a

Comment 1 Adam Mariš 2017-03-28 12:02:31 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1436661]

Comment 4 Vladis Dronov 2017-04-13 11:16:00 UTC

Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2 as the code where the flaw was found is not present in these products.

Note You need to log in before you can comment on or make changes to this bug.

agordeev
aquini
bhu
dhoward
esammons
fhrbata
gansalmon
hwkernel-mgr
iboverma
ichavero
itamar
jforbes
jkacur
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
lwang
madhu.chinakonda
matt
mchehab
mcressma
mguzik
nmurray
pholasek
plougher
rt-maint
rvrbovsk
vdronov
williams