Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1517220 - (CVE-2017-16939) CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation
CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privi...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20171124,repo...
: Security
Depends On: 1517293 1517221 1517284 1517287 1517288 1517289 1517290 1517291 1517292 1555182
Blocks: 1517157
  Show dependency treegraph
 
Reported: 2017-11-24 05:51 EST by Prasad J Pandit
Modified: 2018-08-28 18:26 EDT (History)
44 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1318 None None None 2018-05-08 14:25 EDT
Red Hat Product Errata RHSA-2018:1355 None None None 2018-05-08 18:24 EDT

  None (edit)
Description Prasad J Pandit 2017-11-24 05:51:02 EST 
Linux kernel built with the Transformation User configuration
interface(CONFIG_XFRM_USER) is vulnerable to a use-after-free
issue. It could occur while closing a xfrm netlink socket,
in xfrm_dump_policy_done.

A user/process could use this flaw to potentially escalate their
privileges on a system.

Upstream patch:
---------------
  -> https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/11/24/3
  -> https://blogs.securiteam.com/index.php/archives/3535
Comment 1 Prasad J Pandit 2017-11-24 05:52:20 EST 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1517221]
Comment 2 Prasad J Pandit 2017-11-24 08:48:41 EST 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1517284]
Comment 7 Eric Christensen 2017-12-04 10:19:21 EST 
Statement:

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.

This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.
Comment 12 errata-xmlrpc 2018-05-08 14:25:14 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1318
Comment 13 errata-xmlrpc 2018-05-08 18:24:23 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:1355
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.