Vulnerability Details : CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
Vulnerability category: Denial of service
Products affected by CVE-2017-18075
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Threat overview for CVE-2017-18075
Top countries where our scanners detected CVE-2017-18075
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2017-18075 2,225
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2017-18075!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2017-18075
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-18075
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-18075
-
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18075
-
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13
Issue Tracking;Release Notes;Vendor Advisory
-
http://www.securityfocus.com/bid/102813
Linux Kernel 'crypto/pcrypt.c' Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2018:2948
RHSA-2018:2948 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68
crypto: pcrypt - fix freeing pcrypt instances · torvalds/linux@d76c681 · GitHubPatch
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch;Third Party Advisory
-
https://usn.ubuntu.com/3619-1/
USN-3619-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3619-2/
USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to