Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2017-15129

Disclosure Date: January 09, 2018
CVE-2017-15129 CVSS v3 Base Score: 4.7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
4.7 Medium
Impact Score:
3.6
Exploitability Score:
1
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Linux kernel v4.0-rc1 through v4.15-rc5
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • fedoraproject,
  • linux,
  • redhat

Products

  • enterprise linux 7.0,
  • enterprise linux compute node eus 7.4,
  • enterprise linux desktop 7.0,
  • enterprise linux eus 7.4,
  • enterprise linux eus 7.6,
  • enterprise linux eus 7.7,
  • enterprise linux for ibm z systems 7.0,
  • enterprise linux for ibm z systems eus 7.4,
  • enterprise linux for power big endian 7.0,
  • enterprise linux for power big endian eus 7.4,
  • enterprise linux for power little endian eus 7.4,
  • enterprise linux for real time 7.0,
  • enterprise linux for real time for nfv 7,
  • enterprise linux for scientific computing 7.0,
  • enterprise linux server 7.0,
  • enterprise linux server aus 7.4,
  • enterprise linux server tus 7.4,
  • enterprise linux server tus 7.6,
  • enterprise linux server tus 7.7,
  • enterprise linux server update services for sap solutions 7.4,
  • enterprise linux workstation 7.0,
  • fedora 27,
  • linux kernel,
  • linux kernel 4.15,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 17.10

References

Canonical
CVE-2017-15129 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15129)
BID-102485 (http://www.securityfocus.com/bid/102485)
Advisory
USN-3617-1 (https://usn.ubuntu.com/3617-1)
USN-3619-2 (https://usn.ubuntu.com/3619-2)
USN-3617-3 (https://usn.ubuntu.com/3617-3)
USN-3632-1 (https://usn.ubuntu.com/3632-1)
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:0654
https://access.redhat.com/errata/RHSA-2018:0676
USN-3617-2 (https://usn.ubuntu.com/3617-2)
USN-3619-1 (https://usn.ubuntu.com/3619-1)
https://access.redhat.com/errata/RHSA-2019:1946
Miscellaneous
https://marc.info?l=linux-netdev&m=151370451121029&w=2
https://marc.info?t=151370468900001&r=1&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=1531174
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0
https://access.redhat.com/security/cve/CVE-2017-15129
http://seclists.org/oss-sec/2018/q1/7
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=21b5944350052d2583e82dd59b19a9ba94a007f0
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0
https://marc.info/?l=linux-netdev&m=151370451121029&w=2
https://marc.info/?t=151370468900001&r=1&w=2
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3632-1/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis