CVE-2017-15115: Use After Free
First published: Wed Nov 15 2017(Updated: )
It was found that in Linux kernel when peeling off an association to the socket in another network namespace, all transports in this association are not to be rehashed and keep use the old key in hashtable. A kernel would miss removing transports from hashtable when closing the socket and all transports are being freed. Later on a use-after-free issue could be caused when looking up an association and dereferencing the transports. References: <a href="https://patchwork.ozlabs.org/patch/827077/">https://patchwork.ozlabs.org/patch/827077/</a> <a href="http://seclists.org/oss-sec/2017/q4/282">http://seclists.org/oss-sec/2017/q4/282</a> An upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <3.2.96 | |
| Linux Kernel | >=3.3<3.16.51 | |
| Linux Kernel | >=3.17<3.18.84 | |
| Linux Kernel | >=3.19<4.1.47 | |
| Linux Kernel | >=4.2<4.4.100 | |
| Linux Kernel | >=4.5<4.9.65 | |
| Linux Kernel | >=4.10<4.13.16 | |
| Debian Linux | =7.0 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =17.10 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.21-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/101877
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- https://usn.ubuntu.com/3581-1/
- https://usn.ubuntu.com/3581-2/
- https://usn.ubuntu.com/3581-3/
- https://usn.ubuntu.com/3582-1/
- https://usn.ubuntu.com/3582-2/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74
- http://seclists.org/oss-sec/2017/q4/282
- https://bugzilla.redhat.com/show_bug.cgi?id=1513345
- https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74
- https://patchwork.ozlabs.org/patch/827077/
- https://source.android.com/security/bulletin/pixel/2018-04-01
- https://launchpad.net/bugs/cve/CVE-2017-15115
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1513346
- https://access.redhat.com/support/policy/updates/errata/
- https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74
- https://security-tracker.debian.org/tracker/CVE-2017-15115
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15115
- https://nvd.nist.gov/vuln/detail/CVE-2017-15115
- https://ubuntu.com/security/CVE-2017-15115
Frequently Asked Questions
What is the severity of CVE-2017-15115?
CVE-2017-15115 has a medium severity level due to the potential for unintended data exposure related to socket associations.
How do I fix CVE-2017-15115?
To mitigate CVE-2017-15115, you should upgrade your Linux kernel to version 5.10.223-1 or later, or apply the relevant patches provided by your distribution.
Which versions of Linux are affected by CVE-2017-15115?
CVE-2017-15115 affects multiple versions of the Linux kernel, specifically versions prior to 5.10.223-1 and various earlier versions between 3.x and 4.x.
Is CVE-2017-15115 exploitable remotely?
CVE-2017-15115 is not considered remotely exploitable as it requires local access to the system, affecting only users with elevated privileges.
What types of network issues could CVE-2017-15115 cause?
CVE-2017-15115 may lead to inconsistent socket behavior and could potentially allow for unauthorized data retention in some network namespaces.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-15115
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/first-publish-date
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/trending
- agent/last-modified-date
- agent/source
- agent/author
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.3
- version/linux kernel/3.17
- version/linux kernel/3.19
- version/linux kernel/4.2
- version/linux kernel/4.5
- version/linux kernel/4.10
- vendor/debian
- canonical/debian linux
- version/debian linux/7.0
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/17.10
- package-manager/debian