CVE-2017-16939

Published: Nov 24, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-8108 Aliases: GSD-2017-16939
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,1088
Percentile
0,9th
Updated

EPSS Score Trend (Last 91 Days)

416

Use After Free

Stable
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Confidentiality
Potential Impacts:
Modify Memory Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
Exploit

Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege …

Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation

Author: SecuriTeam Published:
View Exploit Code →
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 3.17 (inclusive)
To 3.18.86 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 4.10 (inclusive)
To 4.13.11 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 4.5 (inclusive)
To 4.9.60 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 2.6.28 (inclusive)
To 3.2.97 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 4.2 (inclusive)
To 4.4.104 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 3.3 (inclusive)
To 3.16.52 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 3.19 (inclusive)
To 4.1.48 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.…
Patch Technical Description
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b…
http://lists.opensuse.org/opensuse-security-announce/2018-0…
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
https://access.redhat.com/errata/RHSA-2018:1318
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1355
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2019:1170
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1190
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1190
https://blogs.securiteam.com/index.php/archives/3535
Exploit Patch Third Party Advisory
https://blogs.securiteam.com/index.php/archives/3535
https://bugzilla.suse.com/show_bug.cgi?id=1069702
Issue Tracking Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1069702
http://seclists.org/fulldisclosure/2017/Nov/40
Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2017/Nov/40
https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8…
Patch Third Party Advisory
https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044d…
https://lists.debian.org/debian-lts-announce/2017/12/msg000…
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://www.debian.org/security/2018/dsa-4082
Third Party Advisory
https://www.debian.org/security/2018/dsa-4082
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.…
Patch Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
http://www.securityfocus.com/bid/101954
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101954
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.…
Patch Technical Description
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b…
http://lists.opensuse.org/opensuse-security-announce/2018-0…
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
https://access.redhat.com/errata/RHSA-2018:1318
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1355
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2019:1170
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1190
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1190
https://blogs.securiteam.com/index.php/archives/3535
Exploit Patch Third Party Advisory
https://blogs.securiteam.com/index.php/archives/3535
https://bugzilla.suse.com/show_bug.cgi?id=1069702
Issue Tracking Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1069702
http://seclists.org/fulldisclosure/2017/Nov/40
Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2017/Nov/40
https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8…
Patch Third Party Advisory
https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044d…
https://lists.debian.org/debian-lts-announce/2017/12/msg000…
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://www.debian.org/security/2018/dsa-4082
Third Party Advisory
https://www.debian.org/security/2018/dsa-4082
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.…
Patch Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
http://www.securityfocus.com/bid/101954
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101954