CVE-2017-2671
published 2017-04-05
Priority P4 · 25 · medium · 5.5 CVSS 3.0
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 1.46% (70.4th percentile)
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.9.25-1 (bookworm) | linux 4.9.25-1 (bookworm) |
| linux | linux_kernel | <= 4.10.8 | — |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 3.13.0-157.207 | 3.13.0-157.207 |
| linux | linux_kernel | >= 0 < 4.4.0-79.100 | 4.4.0-79.100 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |
GHSA
GHSA-2hqc-mrj5-72jg: The ping_unhash function in net/ipv4/ping
ghsa_unreviewed·2022-05-13
CVE-2017-2671 [MEDIUM] GHSA-2hqc-mrj5-72jg: The ping_unhash function in net/ipv4/ping
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
OSV
linux vulnerabilities
osv·2018-08-24·CVSS 4.3
CVE-2016-10208 [MEDIUM] linux vulnerabilities
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel
did not properly validate meta block groups. An attacker with physical
access could use this to specially craft an ext4 image that causes a denial
of service (system crash). (CVE-2016-10208)
It was discovered that an information disclosure vulnerability existed in
the ACPI implementation of the Linux kernel. A local attacker could use
this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)
It was discovered that a buffer overflow existed in the ACPI table parsing
implementation in the Linux kernel. A local attacker could use this to
construct a malicious ACPI table that, when loaded, caused a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-
OSV
linux-hwe vulnerabilities
osv·2017-07-21·CVSS 5.5
[MEDIUM] linux-hwe vulnerabilities
USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please
note that this update changes the Linux HWE kernel to the 4.10 based
kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from
Ubuntu 16.10.
Ben Harris discovered that the Linux kernel would strip extended privilege
attributes of files when performing a failed unprivileged system call. A
local attacker could use this to cause a denial of service. (CVE-2015-1350)
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel
did not properly validate meta block groups. An attacker with physical
access could use this to specially cr
OSV
linux-lts-xenial vulnerabilities
osv·2017-06-07·CVSS 5.0
[MEDIUM] linux-lts-xenial vulnerabilities
USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
It was discovered that th
OSV
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
osv·2017-06-07·CVSS 5.0
CVE-2016-7917 [MEDIUM] linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attac
OSV
CVE-2017-2671: The ping_unhash function in net/ipv4/ping
osv·2017-04-05·CVSS 5.5
CVE-2017-2671 [MEDIUM] CVE-2017-2671: The ping_unhash function in net/ipv4/ping
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-08-24·CVSS 4.3
CVE-2016-10208 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel
did not properly validate meta block groups. An attacker with physical
access could use this to specially craft an ext4 image that causes a denial
of service (system crash). (CVE-2016-10208)
It was discovered that an information disclosure vulnerability existed in
the ACPI implementation of the Linux kernel. A local attacker could use
this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)
It was discovered that a buffer overflow existed in the ACPI table parsing
implementation in the Linux kernel. A local attacker could use this to
construct a malicious ACPI table that, when loaded, cau
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2017-07-21·CVSS 5.5
CVE-2015-1350 [MEDIUM] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please
note that this update changes the Linux HWE kernel to the 4.10 based
kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from
Ubuntu 16.10.
Ben Harris discovered that the Linux kernel would strip extended privilege
attributes of files when performing a failed unprivileged system call. A
local attacker could use this to cause a denial of service. (CVE-2015-1350)
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel
did not properly validate
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2017-06-07·CVSS 5.0
CVE-2016-7913 [MEDIUM] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitra
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-06-07·CVSS 5.0
CVE-2016-7913 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the netfilter netlink implementation in the Linux
kernel did not properly validate batch messages. A local attacker with the
CAP_NET_ADMIN capability could use this to expose sensitive information or
cause a denial of service. (CVE-2016-7917)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-06-07·CVSS 4.4
CVE-2016-9604 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)
It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)
Daniel Jiang discovered that a race condition existed in the ipv4 ping
socket implementation in the Linux kernel. A local privileged attacker
could use this to cause a denial of service (system crash). (CVE-2017-2671)
JongHwan Kim discovered an out-of-b
Red Hat
kernel: ping socket / AF_LLC connect() sin_family race
vendor_redhat·2017-03-24·CVSS 5.5
CVE-2017-2671 [MEDIUM] CWE-362 kernel: ping socket / AF_LLC connect() sin_family race
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.
This issue affects the Li
Debian
CVE-2017-2671: linux - The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 i...
vendor_debian·2017·CVSS 5.5
CVE-2017-2671 [MEDIUM] CVE-2017-2671: linux - The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 i...
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
Scope: local
bookworm: resolved (fixed in 4.9.25-1)
bullseye: resolved (fixed in 4.9.25-1)
forky: resolved (fixed in 4.9.25-1)
sid: resolved (fixed in 4.9.25-1)
trixie: resolved (fixed in 4.9.25-1)
No detection rules found.
Bugzilla
CVE-2017-2671 kernel: various flaws [fedora-all]
bugzilla·2017-03-28·CVSS 5.5
CVE-2017-2671 [MEDIUM] CVE-2017-2671 kernel: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tr
Bugzilla
CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race
bugzilla·2017-03-28·CVSS 5.5
CVE-2017-2671 [MEDIUM] CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race
A race condition, leading to a NULL pointer dereference, was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to corrupt kernel memory leading to a kernel crash or privilege escalation.
References:
http://seclists.org/oss-sec/2017/q1/675
CVE assignment:
http://seclists.org/oss-sec/2017/q2/17
Patch:
http://seclists.org/oss-sec/2017/q1/677
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=43a6684519ab0a6c52024b5e25322476cabad893
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43a6684519ab0a6c52024b5e25322476cabad893
Discussion:
*** Bug 1436658 has been marked as a du
References
http://openwall.com/lists/oss-security/2017/04/04/8
http://www.securityfocus.com/bid/97407
https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2018:1854
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893
https://github.com/danieljiang0415/android_kernel_crash_poc
https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893
https://twitter.com/danieljiang0415/status/845116665184497664
https://usn.ubuntu.com/3754-1/
https://www.exploit-db.com/exploits/42135/