Vulnerability Details : CVE-2017-18509
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
Vulnerability category: Input validation, Execute code
Products affected by CVE-2017-18509
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18509
- 0.24%: Probability of exploitation activity in the next 30 days
- ~62%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-18509
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-18509
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18509
- https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
  [SECURITY] [DLA 1884-1] linux security update (Mailing List; Third Party Advisory)
- https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745
  ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt · torvalds/linux@99253eb · GitHub (Patch; Third Party Advisory)
- https://lists.openwall.net/netdev/2017/12/04/40
  netdev - net/ipv4: general protection fault in inet_csk_listen_stop (Mailing List; Third Party Advisory)
- https://seclists.org/bugtraq/2019/Aug/26
  Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01) (Mailing List; Third Party Advisory)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)
- https://usn.ubuntu.com/4145-1/
  USN-4145-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://support.f5.com/csp/article/K41582535
  (Third Party Advisory)
- https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
  Linux Kernel 4.9 - inet_csk_listen_stop GPF (Exploit; Third Party Advisory)
- https://www.debian.org/security/2019/dsa-4497
  Debian -- Security Information -- DSA-4497-1 linux (Third Party Advisory)
- https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32
  ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt (baefcdc2) · Commits · Debian kernel team / linux · GitLab (Third Party Advisory)
- http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
  Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet Storm (Third Party Advisory; VDB Entry)
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
  [SECURITY] [DLA 1885-1] linux-4.9 security update (Mailing List; Third Party Advisory)
- https://support.f5.com/csp/article/K41582535?utm_source=f5support&utm_medium=RSS
  (Third Party Advisory)