The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2017/04/04/8 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/97407 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:1842 | |
https://access.redhat.com/errata/RHSA-2017:2077 | |
https://access.redhat.com/errata/RHSA-2017:2669 | |
https://access.redhat.com/errata/RHSA-2018:1854 | |
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893 | Issue Tracking Patch Third Party Advisory |
https://github.com/danieljiang0415/android_kernel_crash_poc | Third Party Advisory |
https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893 | Issue Tracking Patch Third Party Advisory |
https://twitter.com/danieljiang0415/status/845116665184497664 | Third Party Advisory |
https://usn.ubuntu.com/3754-1/ | |
https://www.exploit-db.com/exploits/42135/ |
Configurations
History
12 Feb 2023, 23:29
Type | Values Removed | Values Added |
---|---|---|
Summary | The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. | |
References |
|
02 Feb 2023, 16:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system. |
Information
Published : 2017-04-05 06:59
Updated : 2023-12-10 12:01
NVD link : CVE-2017-2671
Mitre link : CVE-2017-2671
CVE.ORG link : CVE-2017-2671
JSON object : View
Products Affected
linux
- linux_kernel
CWE