Vulnerability Details : CVE-2017-12153
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2017-12153
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-12153
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
4.4
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
0.8
|
3.6
|
NIST |
CWE ids for CVE-2017-12153
-
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2017-12153
-
http://www.securityfocus.com/bid/100855
Linux Kernel CVE-2017-12153 Null Pointer Dereference Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2017/dsa-3981
Debian -- Security Information -- DSA-3981-1 linuxThird Party Advisory
-
https://bugzilla.novell.com/show_bug.cgi?id=1058410
Bug 1058410 – VUL-0: CVE-2017-12153: kernel-source: null pointer dereference in nl80211_set_rekey_data()Issue Tracking;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1491046
1491046 – (CVE-2017-12153) CVE-2017-12153 kernel: null pointer dereference in nl80211_set_rekey_data()Issue Tracking;Patch;Third Party Advisory
-
https://usn.ubuntu.com/3583-1/
USN-3583-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://marc.info/?t=150525503100001&r=1&w=2
'[PATCH] nl80211: check for the required netlink attributes presence' thread - MARCPatch;Third Party Advisory
-
http://seclists.org/oss-sec/2017/q3/437
oss-sec: CVE-2017-12153 Linux kernel: nl80211: null pointer dereference in nl80211_set_rekey_data()Mailing List;Patch;Third Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888
kernel/git/jberg/mac80211.git - mac80211/wireless fixes treeIssue Tracking;Patch;Third Party Advisory
-
https://usn.ubuntu.com/3583-2/
USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
Products affected by CVE-2017-12153
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*