Linux kernel built with the Transformation User configuration interface(CONFIG_XFRM_USER) is vulnerable to a use-after-free issue. It could occur while closing a xfrm netlink socket, in xfrm_dump_policy_done. A user/process could use this flaw to potentially escalate their privileges on a system. Upstream patch: --------------- -> https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/11/24/3 -> https://blogs.securiteam.com/index.php/archives/3535
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1517221]
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1517284]
Statement: This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1318
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:1355
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190