Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1535173 - (CVE-2017-13215) CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function
CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20180102,repo...
: Security
Depends On: 1541871 1541870 1541872 1541873 1541874 1541875
Blocks: 1535176
  Show dependency treegraph
 
Reported: 2018-01-16 13:52 EST by Laura Pardo
Modified: 2018-10-09 09:12 EDT (History)
27 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function. Attackers using a specific input can lead to a privilege escalation.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2384 None None None 2018-08-14 14:44 EDT
Red Hat Product Errata RHSA-2018:2395 None None None 2018-08-14 16:23 EDT

  None (edit)
Description Laura Pardo 2018-01-16 13:52:27 EST 
A flaw was found in the upstream kernel Skcipher component. This vulnerability affects the skcipher_recvmsg function of the component Skcipher. The manipulation with an unknown input leads to a privilege escalation vulnerability

References:
https://source.android.com/security/bulletin/2018-01-01

Patch:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v3.18.78&id=36c84b22ac8aa041cbdfbe48a55ebb32e3521704
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f0414e54e4d1893c6f08260693f8ef84c929293
Comment 6 Eric Christensen 2018-02-05 10:45:14 EST 
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, and kernel-alt packages.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and real-time kernels.

Future Linux kernel updates for the respective releases may address this issue.
Comment 7 errata-xmlrpc 2018-08-14 14:44:01 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2384
Comment 8 errata-xmlrpc 2018-08-14 16:23:33 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2395
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.