crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
References
Link | Resource |
---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68 | Issue Tracking Patch Third Party Advisory |
http://www.securityfocus.com/bid/102813 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2018:2948 | Third Party Advisory |
https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68 | Patch |
https://usn.ubuntu.com/3619-1/ | Third Party Advisory |
https://usn.ubuntu.com/3619-2/ | Third Party Advisory |
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13 | Issue Tracking Release Notes Vendor Advisory |
Configurations
History
07 Feb 2023, 22:17
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:2948 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3619-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3619-1/ - Third Party Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* |
|
First Time |
Canonical
Canonical ubuntu Linux |
Information
Published : 2018-01-24 10:29
Updated : 2023-12-10 12:30
NVD link : CVE-2017-18075
Mitre link : CVE-2017-18075
CVE.ORG link : CVE-2017-18075
JSON object : View
Products Affected
canonical
- ubuntu_linux
linux
- linux_kernel
CWE
CWE-763
Release of Invalid Pointer or Reference