CVE-2017-12153 : A security flaw was discovered in the nl80211_set_rekey

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.

Published 2017-09-21 15:29:01

Updated 2019-10-09 23:22:23

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2017-12153

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions up to, including, (<=) 4.13.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-12153

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-12153

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
4.4	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H	0.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-12153

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2017-12153

http://www.securityfocus.com/bid/100855

Linux Kernel CVE-2017-12153 Null Pointer Dereference Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.debian.org/security/2017/dsa-3981

Debian -- Security Information -- DSA-3981-1 linux
Third Party Advisory

CVEs referencing this url
https://bugzilla.novell.com/show_bug.cgi?id=1058410

Bug 1058410 – VUL-0: CVE-2017-12153: kernel-source: null pointer dereference in nl80211_set_rekey_data()
Issue Tracking;Patch;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1491046

1491046 – (CVE-2017-12153) CVE-2017-12153 kernel: null pointer dereference in nl80211_set_rekey_data()
Issue Tracking;Patch;Third Party Advisory
https://usn.ubuntu.com/3583-1/

USN-3583-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://marc.info/?t=150525503100001&r=1&w=2

'[PATCH] nl80211: check for the required netlink attributes presence' thread - MARC
Patch;Third Party Advisory
http://seclists.org/oss-sec/2017/q3/437

oss-sec: CVE-2017-12153 Linux kernel: nl80211: null pointer dereference in nl80211_set_rekey_data()
Mailing List;Patch;Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888

kernel/git/jberg/mac80211.git - mac80211/wireless fixes tree
Issue Tracking;Patch;Third Party Advisory
https://usn.ubuntu.com/3583-2/

USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-12153

Products affected by CVE-2017-12153

Exploit prediction scoring system (EPSS) score for CVE-2017-12153

CVSS scores for CVE-2017-12153

CWE ids for CVE-2017-12153

References for CVE-2017-12153