CLD-42 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) |
linux |
Deficiency Type |
SECURITY |
Date Created |
2017-09-21 13:28:25 |
Date Last Modified |
2017-10-05 09:23:25 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in linux-4.9.53-i686-1 |
Cucumber 1.0 x86_64 | fixed in linux-4.9.53-x86_64-1 |
Cucumber 1.1 i686 |
fixed in linux-4.9.53-i686-1 |
Cucumber 1.1 x86_64 |
fixed in linux-4.9.53-x86_64-1 |
Details:
A security flaw was discovered in the nl80211_set_rekey_data() function in
net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does
not check whether the required attributes are present in a Netlink request. This
request can be issued by a user with the CAP_NET_ADMIN capability and may result
in a NULL pointer dereference and system crash
(https://nvd.nist.gov/vuln/detail/CVE-2017-12153).
This has been fixed upstream by commit e785fa0a164aa11001cba931367c7f94ffaff888.
As of Thu Sep 21 13:51:00 EDT 2017, this patch has yet to be applied to the 4.9
branch of the Linux Kernel.