Bug 1437404 (CVE-2017-7308) - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
Summary: CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-7308
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1437406 1441171 1441172 1441173 1441174 1441176 1441177 1441178 1459300 1484946
Blocks: 1437408
TreeView+ depends on / blocked
 
Reported: 2017-03-30 09:21 UTC by Martin Prpič
Modified: 2019-09-29 14:08 UTC (History)
36 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation.
Clone Of:
Environment:
Last Closed: 2018-07-26 13:03:49 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:3163 normal SHIPPED_LIVE new packages: kernel-alt 2017-11-09 14:59:25 UTC
Red Hat Product Errata RHSA-2017:1297 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-05-25 17:28:57 UTC
Red Hat Product Errata RHSA-2017:1298 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-05-25 17:39:36 UTC
Red Hat Product Errata RHSA-2017:1308 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2017-05-25 19:32:54 UTC
Red Hat Product Errata RHSA-2018:1854 None None None 2018-06-19 04:49:08 UTC

Comment 1 Martin Prpič 2017-03-30 09:23:04 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1437406]

Comment 6 Vladis Dronov 2017-04-11 12:38:53 UTC
Statement:

This issue does not affect Red Hat Enterprise Linux 5.

In a default or common use of Red Hat Enterprise Linux 6 and 7 this issue does not allow an unprivileged local user elevate their privileges on the system. In order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 6 does not have namespaces support and Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse namespaces feature to grant this capability to themselves and elevate their privileges.

So, this issue does not affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 in the default configuration. Future updates for the respective releases will address this issue to secure non-default configurations.

In the non-default configuration mentioned above only Red Hat Enterprise Linux 7 is vulnerable to a privilege escalation. Red Hat Enterprise Linux 6 is vulnerable only to a denial of service (DoS) due to a system crash, hence the impact on Red Hat Enterprise Linux 6 is rated as being Moderate.

Comment 11 errata-xmlrpc 2017-05-25 13:31:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1297

Comment 12 errata-xmlrpc 2017-05-25 13:42:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1298

Comment 13 errata-xmlrpc 2017-05-25 15:46:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1308 https://access.redhat.com/errata/RHSA-2017:1308

Comment 15 errata-xmlrpc 2018-06-19 04:48:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1854


Note You need to log in before you can comment on or make changes to this bug.