CVE - CVE-2017-18509

CVE-ID
CVE-2017-18509	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20190814 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01) URL:https://seclists.org/bugtraq/2019/Aug/26 CONFIRM:https://support.f5.com/csp/article/K41582535 CONFIRM:https://support.f5.com/csp/article/K41582535?utm_source=f5support&utm_medium=RSS DEBIAN:DSA-4497 URL:https://www.debian.org/security/2019/dsa-4497 MISC:http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745 MISC:https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745 MISC:https://lists.openwall.net/netdev/2017/12/04/40 MISC:https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf MISC:https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32 MLIST:[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html MLIST:[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html UBUNTU:USN-4145-1 URL:https://usn.ubuntu.com/4145-1/
Assigning CNA
MITRE Corporation
Date Record Created
20190813	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190813)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)