CVE-2017-15649 - OpenCVE

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110	Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e	Third Party Advisory
http://patchwork.ozlabs.org/patch/813945/	Issue Tracking Third Party Advisory
http://patchwork.ozlabs.org/patch/818726/	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6	Exploit Third Party Advisory
http://www.securityfocus.com/bid/101573	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0151
https://access.redhat.com/errata/RHSA-2018:0152
https://access.redhat.com/errata/RHSA-2018:0181
https://blogs.securiteam.com/index.php/archives/3484	Third Party Advisory
https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110	Patch Third Party Advisory
https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://usn.ubuntu.com/3754-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-19T22:00:00

Updated: 2018-08-24T09:57:01

Reserved: 2017-10-19T00:00:00

Link: CVE-2017-15649

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-19T22:29:00.433

Modified: 2018-08-24T10:29:00.710

Link: CVE-2017-15649

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-24T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110"}, {"tags": ["x_refsource_MISC"], "url": "https://blogs.securiteam.com/index.php/archives/3484"}, {"name": "101573", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101573"}, {"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"name": "RHSA-2018:0181", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0181"}, {"tags": ["x_refsource_MISC"], "url": "http://patchwork.ozlabs.org/patch/813945/"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3754-1/"}, {"name": "RHSA-2018:0152", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0152"}, {"tags": ["x_refsource_MISC"], "url": "http://patchwork.ozlabs.org/patch/818726/"}, {"name": "RHSA-2018:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0151"}, {"tags": ["x_refsource_MISC"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e"}, {"tags": ["x_refsource_MISC"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15649", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110"}, {"name": "https://blogs.securiteam.com/index.php/archives/3484", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3484"}, {"name": "101573", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101573"}, {"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"name": "RHSA-2018:0181", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0181"}, {"name": "http://patchwork.ozlabs.org/patch/813945/", "refsource": "MISC", "url": "http://patchwork.ozlabs.org/patch/813945/"}, {"name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/"}, {"name": "RHSA-2018:0152", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0152"}, {"name": "http://patchwork.ozlabs.org/patch/818726/", "refsource": "MISC", "url": "http://patchwork.ozlabs.org/patch/818726/"}, {"name": "RHSA-2018:0151", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0151"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e"}, {"name": "https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e"}, {"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6", "refsource": "MISC", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"}, {"name": "https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15649", "datePublished": "2017-10-19T22:00:00", "dateReserved": "2017-10-19T00:00:00", "dateUpdated": "2018-08-24T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CBA5FF4-3406-4A63-9242-E6597219C011", "versionEndIncluding": "4.13.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346."}, {"lang": "es", "value": "net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a una gesti\u00f3n incorrecta de las estructuras de datos packet_fanout. Esto se debe a una condici\u00f3n de carrera (que afecta a fanout_add y packet_do_bind) que da lugar a un uso de memoria previamente liberada. Esta vulnerabilidad es diferente de CVE-2017-6346."}], "id": "CVE-2017-15649", "lastModified": "2018-08-24T10:29:00.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-19T22:29:00.433", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://patchwork.ozlabs.org/patch/813945/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://patchwork.ozlabs.org/patch/818726/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101573"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0151"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0152"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0181"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blogs.securiteam.com/index.php/archives/3484"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3754-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}