CVE-2017-1000111
Published 2017-10-05
High 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 4.12.6-1 (bookworm) | linux 4.12.6-1 (bookworm) |
| linux | linux_kernel | >= 0 < 4.12.6-1 | 4.12.6-1 |
| linux | linux_kernel | >= 0 < 3.13.0-128.177 | 3.13.0-128.177 |
| linux | linux_kernel | >= 0 < 4.4.0-91.114 | 4.4.0-91.114 |
| linux | linux_kernel | >= 2.6.27 < 3.2.92 | 3.2.92 |
| linux | linux_kernel | >= 3.11 < 3.16.47 | 3.16.47 |
| linux | linux_kernel | >= 3.17 < 3.18.65 | 3.18.65 |
| linux | linux_kernel | >= 3.19 < 4.1.44 | 4.1.44 |
| linux | linux_kernel | >= 3.3 < 3.10.108 | 3.10.108 |
| linux | linux_kernel | >= 4.10 < 4.12.7 | 4.12.7 |
| linux | linux_kernel | >= 4.2 < 4.4.82 | 4.4.82 |
| linux | linux_kernel | >= 4.5 < 4.9.43 | 4.9.43 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
CVSS provenance
nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv: 7.8 HIGH
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2017-08-11·CVSS 7.8
CVE-2017-1000111 [HIGH] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Andrey Konovalov discovered a race condition in the UDP Fragmentation
Offload (UFO) code in the Linux kernel. A local attacker could use this to
cause a denial of service or execute arbitrary code. (CVE-2017-1000112)
Andrey Konovalov discovered a race condition in AF_PACKET socket option
handling code in the Linux kernel. A local unprivileged attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2017-1000111)
Instructions: A
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-08-11·CVSS 7.8
CVE-2017-1000111 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andrey Konovalov discovered a race condition in the UDP Fragmentation
Offload (UFO) code in the Linux kernel. A local attacker could use this to
cause a denial of service or execute arbitrary code. (CVE-2017-1000112)
Andrey Konovalov discovered a race condition in AF_PACKET socket option
handling code in the Linux kernel. A local unprivileged attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2017-1000111)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recom
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2017-08-11·CVSS 7.8
CVE-2017-1000111 [HIGH] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3386-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.
Andrey Konovalov discovered a race condition in the UDP Fragmentation
Offload (UFO) code in the Linux kernel. A local attacker could use this to
cause a denial of service or execute arbitrary code. (CVE-2017-1000112)
Andrey Konovalov discovered a race condition in AF_PACKET socket option
handling code in the Linux kernel. A local unprivileged attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2017-1000111)
Instructions: A
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2017-08-11·CVSS 7.8
CVE-2017-1000111 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3384-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.
Andrey Konovalov discovered a race condition in the UDP Fragmentation
Offload (UFO) code in the Linux kernel. A local attacker could use this to
cause a denial of service or execute arbitrary code. (CVE-2017-1000112)
Andrey Konovalov discovered a race condition in AF_PACKET socket option
handling code in the Linux kernel. A local unprivileged attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2017-1000111)
Instructions: After a standard
Red Hat
kernel: Heap out-of-bounds read in AF_PACKET sockets
vendor_redhat·2017-08-10·CVSS 7.8
CVE-2017-1000111 [HIGH] CWE-362 kernel: Heap out-of-bounds read in AF_PACKET sockets
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
A race condition issue was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchr
Debian
CVE-2017-1000111: linux - Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogo...
vendor_debian·2017·CVSS 7.8
CVE-2017-1000111 [HIGH] CVE-2017-1000111: linux - Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogo...
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
Scope: local
bookworm: resolved (fixed in 4.12.6-1)
bullseye: resolved (fixed in 4.12.6-1)
forky: resolved (fixed in 4.12.6-1)
sid: resolved (fixed in 4.12.6-1)
trixie: resolved (fixed in 4.1
GHSA
GHSA-7m59-9m96-wch5: Linux kernel: heap out-of-bounds in AF_PACKET sockets
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2017-1000111 [HIGH] CWE-787 GHSA-7m59-9m96-wch5: Linux kernel: heap out-of-bounds in AF_PACKET sockets
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
OSV
CVE-2017-1000111: Linux kernel: heap out-of-bounds in AF_PACKET sockets
osv·2017-10-05·CVSS 7.8
CVE-2017-1000111 [HIGH] CVE-2017-1000111: Linux kernel: heap out-of-bounds in AF_PACKET sockets
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
OSV
linux-hwe vulnerabilities
osv·2017-08-11·CVSS 7.8
CVE-2017-1000112 [HIGH] linux-hwe vulnerabilities
USN-3384-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.
Andrey Konovalov discovered a race condition in the UDP Fragmentation
Offload (UFO) code in the Linux kernel. A local attacker could use this to
cause a denial of service or execute arbitrary code. (CVE-2017-1000112)
Andrey Konovalov discovered a race condition in AF_PACKET socket option
handling code in the Linux kernel. A local unprivileged attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2017-1000111)
OSV
linux-lts-xenial vulnerabilities
osv·2017-08-11·CVSS 7.8
CVE-2017-1000112 [HIGH] linux-lts-xenial vulnerabilities
USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Andrey Konovalov discovered a race condition in the UDP Fragmentation
Offload (UFO) code in the Linux kernel. A local attacker could use this to
cause a denial of service or execute arbitrary code. (CVE-2017-1000112)
Andrey Konovalov discovered a race condition in AF_PACKET socket option
handling code in the Linux kernel. A local unprivileged attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2017-1000111)
OSV
linux vulnerabilities
osv·2017-08-11·CVSS 7.8
CVE-2017-1000112 [HIGH] linux vulnerabilities
Andrey Konovalov discovered a race condition in the UDP Fragmentation
Offload (UFO) code in the Linux kernel. A local attacker could use this to
cause a denial of service or execute arbitrary code. (CVE-2017-1000112)
Andrey Konovalov discovered a race condition in AF_PACKET socket option
handling code in the Linux kernel. A local unprivileged attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2017-1000111)
OSV
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
osv·2017-08-11·CVSS 7.8
CVE-2017-1000112 [HIGH] linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
Andrey Konovalov discovered a race condition in the UDP Fragmentation
Offload (UFO) code in the Linux kernel. A local attacker could use this to
cause a denial of service or execute arbitrary code. (CVE-2017-1000112)
Andrey Konovalov discovered a race condition in AF_PACKET socket option
handling code in the Linux kernel. A local unprivileged attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2017-1000111)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-1000111 kernel: Heap out-of-bounds in AF_PACKET sockets [fedora-all]
bugzilla·2017-08-11·CVSS 7.8
CVE-2017-1000111 [HIGH] CVE-2017-1000111 kernel: Heap out-of-bounds in AF_PACKET sockets [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
Bugzilla
CVE-2017-1000111 kernel: Heap out-of-bounds read in AF_PACKET sockets
bugzilla·2017-08-08·CVSS 7.8
CVE-2017-1000111 [HIGH] CVE-2017-1000111 kernel: Heap out-of-bounds read in AF_PACKET sockets
A race condition issue was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this to waste resources in the kernel's ring buffer or possibly cause a read-out-of-bounds on the heap, possibly panicking the machine.
In a default or common use of Red Hat Enterprise Linux 6 and 7 this issue does not allow an unprivileged local user to use this functionality.
In order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux does not have unprivileged us
http://www.debian.org/security/2017/dsa-3981
http://www.securityfocus.com/bid/100267
http://www.securitytracker.com/id/1039132
https://access.redhat.com/errata/RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:3200
https://access.redhat.com/security/cve/cve-2017-1000111