CLD-25 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-14497 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) linux
Deficiency Type SECURITY
Date Created 2017-09-15 16:17:51
Date Last Modified 2017-09-20 13:20:06

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.51-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.51-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.51-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.51-x86_64-1

Details:

The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before
4.13 mishandles vnet headers, which might allow local users to cause a denial of
service (buffer overflow, and disk and memory corruption) or possibly have
unspecified other impact via crafted system calls
(https://nvd.nist.gov/vuln/detail/CVE-2017-14497).

There is a patch available at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edbd58be15a957f6a760c4a514cd475217eb97fd.
This patch has been applied in the 4.13 version but (as of Fri Sep 15 16:46:48
EDT 2017) has yet to be applied to the 4.9 stable branch.

**EDIT** As of Wed Sep 20 13:08:31 EDT 2017 this patch has been applied to the
4.9.51 version of the Linux kernel.