First published: Thu Jan 04 2018(Updated: )
A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. References: <a href="https://marc.info/?l=linux-netdev&m=151370451121029&w=2">https://marc.info/?l=linux-netdev&m=151370451121029&w=2</a> <a href="https://marc.info/?t=151370468900001&r=1&w=2">https://marc.info/?t=151370468900001&r=1&w=2</a> (a whole thread) <a href="http://seclists.org/oss-sec/2018/q1/7">http://seclists.org/oss-sec/2018/q1/7</a> An upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <4.14.11 | |
Linux Linux kernel | >=4.0<4.14.11 | |
Linux Linux kernel | =4.15-rc1 | |
Linux Linux kernel | =4.15-rc2 | |
Linux Linux kernel | =4.15-rc3 | |
Linux Linux kernel | =4.15-rc4 | |
Fedoraproject Fedora | =27 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux Compute Node Eus | =7.4 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =7.4 | |
Redhat Enterprise Linux Eus | =7.6 | |
Redhat Enterprise Linux Eus | =7.7 | |
Redhat Enterprise Linux For Ibm Z Systems | =7.0 | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =7.4 | |
Redhat Enterprise Linux For Power Big Endian | =7.0 | |
Redhat Enterprise Linux For Power Big Endian Eus | =7.4 | |
Redhat Enterprise Linux For Power Little Endian Eus | =7.4 | |
Redhat Enterprise Linux For Real Time | =7.0 | |
Redhat Enterprise Linux For Real Time For Nfv | =7 | |
Redhat Enterprise Linux For Scientific Computing | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.4 | |
Redhat Enterprise Linux Server Tus | =7.4 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.7 | |
Redhat Enterprise Linux Server Update Services For Sap Solutions | =7.4 | |
Redhat Enterprise Linux Workstation | =7.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-15129 is a use-after-free vulnerability found in the Linux kernel before version 4.14.11.
CVE-2017-15129 has a severity level of medium.
CVE-2017-15129 can lead to a double free and may allow an attacker to execute arbitrary code or cause a denial of service.
Linux kernel versions before 4.14.11 are affected by CVE-2017-15129.
Yes, updating the Linux kernel to version 4.14.11 or later fixes CVE-2017-15129.