First published: Thu Apr 27 2017(Updated: )
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <3.2.90 | |
Linux Linux kernel | >=3.3<3.10.108 | |
Linux Linux kernel | >=3.11<3.16.45 | |
Linux Linux kernel | >=3.17<3.18.59 | |
Linux Linux kernel | >=3.19<4.1.43 | |
Linux Linux kernel | >=4.2<4.4.75 | |
Linux Linux kernel | >=4.5<4.9.35 | |
Linux Linux kernel | >=4.10<4.11.8 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Redhat Enterprise Mrg | =2.0 | |
redhat/kernel | <4.12 | 4.12 |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-7482 is medium.
CVE-2017-7482 affects the Linux kernel before version 4.12.
CVE-2017-7482 could lead to memory corruption and possible exploitation.
To fix CVE-2017-7482, you should update your Linux kernel to version 4.12 or later.
You can find more information about CVE-2017-7482 in the references provided: [1], [2], [3].