First published: Wed Jan 24 2018(Updated: )
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=4.2<4.4.111 | |
Linux Linux kernel | >=4.5<4.9.76 | |
Linux Linux kernel | >=4.10<4.14.13 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
redhat/kernel | <4.14.13 | 4.14.13 |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2017-18075.
CVE-2017-18075 has a severity level of medium.
The affected software versions include Linux kernel versions before 4.14.13.
A local user with access to the AF_ALG-based AEAD interface and pcrypt can exploit this vulnerability to cause a denial of service or possibly have unspecified impact.
You can find more information about CVE-2017-18075 at the following references: [Git commit link](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68), [GitHub commit link](https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68), [Kernel.org ChangeLog](https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13).