A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
08 Feb 2024, 02:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0 - Patch | |
References | () http://www.securityfocus.com/bid/102485 - Broken Link | |
References | () https://access.redhat.com/errata/RHSA-2018:0654 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:0676 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:1062 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:1946 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1531174 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0 - Patch | |
References | () https://usn.ubuntu.com/3617-1/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/3617-2/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/3617-3/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/3619-1/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/3619-2/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/3632-1/ - Third Party Advisory | |
References | () https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 4.7 |
CPE | cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.15:rc1:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.15:rc4:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.15:rc3:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.15:rc2:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* |
|
CWE | ||
First Time |
Redhat enterprise Linux
Redhat enterprise Linux Server Update Services For Sap Solutions Redhat enterprise Linux For Ibm Z Systems Canonical Redhat enterprise Linux Desktop Redhat enterprise Linux Server Tus Redhat enterprise Linux For Real Time Redhat enterprise Linux Compute Node Eus Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Power Big Endian Eus Fedoraproject fedora Redhat enterprise Linux For Real Time For Nfv Fedoraproject Canonical ubuntu Linux Redhat enterprise Linux Server Aus Redhat enterprise Linux For Power Big Endian Redhat enterprise Linux Eus Redhat enterprise Linux For Scientific Computing Redhat enterprise Linux Server Redhat Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Workstation |
12 Feb 2023, 23:28
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-362 | |
Summary | A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. |
02 Feb 2023, 15:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. |
Information
Published : 2018-01-09 19:29
Updated : 2024-02-08 02:07
NVD link : CVE-2017-15129
Mitre link : CVE-2017-15129
CVE.ORG link : CVE-2017-15129
JSON object : View
Products Affected
redhat
- enterprise_linux_for_power_big_endian
- enterprise_linux_compute_node_eus
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_for_power_big_endian_eus
- enterprise_linux_desktop
- enterprise_linux_eus
- enterprise_linux_for_real_time
- enterprise_linux_for_real_time_for_nfv
- enterprise_linux_server_tus
- enterprise_linux_workstation
- enterprise_linux_for_scientific_computing
canonical
- ubuntu_linux
fedoraproject
- fedora
linux
- linux_kernel
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')