CLD-25 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | linux |
Deficiency Type | SECURITY |
Date Created | 2017-09-15 16:17:51 |
Date Last Modified | 2017-09-20 13:20:06 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in linux-4.9.51-i686-1 |
Cucumber 1.0 x86_64 | fixed in linux-4.9.51-x86_64-1 |
Cucumber 1.1 i686 | fixed in linux-4.9.51-i686-1 |
Cucumber 1.1 x86_64 | fixed in linux-4.9.51-x86_64-1 |
Details:
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before
4.13 mishandles vnet headers, which might allow local users to cause a denial of
service (buffer overflow, and disk and memory corruption) or possibly have
unspecified other impact via crafted system calls
(https://nvd.nist.gov/vuln/detail/CVE-2017-14497).
There is a patch available at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edbd58be15a957f6a760c4a514cd475217eb97fd.
This patch has been applied in the 4.13 version but (as of Fri Sep 15 16:46:48
EDT 2017) has yet to be applied to the 4.9 stable branch.
**EDIT** As of Wed Sep 20 13:08:31 EDT 2017 this patch has been applied to the
4.9.51 version of the Linux kernel.