CLD-42 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-12153 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) linux
Deficiency Type SECURITY
Date Created 2017-09-21 13:28:25
Date Last Modified 2017-10-05 09:23:25

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.53-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.53-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.53-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.53-x86_64-1

Details:

A security flaw was discovered in the nl80211_set_rekey_data() function in
net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does
not check whether the required attributes are present in a Netlink request. This
request can be issued by a user with the CAP_NET_ADMIN capability and may result
in a NULL pointer dereference and system crash
(https://nvd.nist.gov/vuln/detail/CVE-2017-12153).

This has been fixed upstream by commit e785fa0a164aa11001cba931367c7f94ffaff888.
As of Thu Sep 21 13:51:00 EDT 2017, this patch has yet to be applied to the 4.9
branch of the Linux Kernel.
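
The missing-attribute check described under Details, shown in a userspace model. This is an added example, not the kernel's code or the upstream patch. The attribute ids, payload sizes, wire layout and all function names are assumptions made for the model.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical attribute ids and payload sizes for this model, not the kernel's. */
enum { A_KEK = 1, A_KCK, A_REPLAY_CTR, A_MAX = A_REPLAY_CTR };
#define HDR 4                       /* u16 length (header included) + u16 type */
static const uint16_t want_len[A_MAX + 1] = { 0, 16, 16, 8 };
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }

/* Parser: tb[type] points at each attribute found; absent ones stay NULL. */
static int parse_attrs(const uint8_t **tb, const uint8_t *buf, size_t n)
{
    memset(tb, 0, (A_MAX + 1) * sizeof(*tb));
    for (uint16_t len; n >= HDR; buf += len, n -= len) {
        len = rd16(buf);
        uint16_t type = rd16(buf + 2);
        if (len < HDR || len > n) return -EINVAL;
        if (type >= 1 && type <= A_MAX) tb[type] = buf;
    }
    return n ? -EINVAL : 0;
}

/* Handler: without the !tb[t] test, rd16(tb[t]) reads through NULL. */
static int set_rekey_data(const uint8_t *req, size_t n, uint8_t *kek_out)
{
    const uint8_t *tb[A_MAX + 1];
    if (parse_attrs(tb, req, n)) return -EINVAL;
    for (int t = 1; t <= A_MAX; t++) {
        if (!tb[t]) return -EINVAL;          /* required attribute absent */
        if (rd16(tb[t]) - HDR != want_len[t]) return -ERANGE;
    }
    memcpy(kek_out, tb[A_KEK] + HDR, want_len[A_KEK]);
    return 0;
}

static int demo(unsigned mask)      /* constructed request: bit t set = attr t sent */
{
    uint8_t req[64], kek[16];
    size_t off = 0;
    for (int t = 1; t <= A_MAX; t++) {
        uint16_t hdr[2] = { (uint16_t)(HDR + want_len[t]), (uint16_t)t };
        if (!(mask & (1u << t))) continue;
        memcpy(req + off, hdr, sizeof(hdr));
        memset(req + off + HDR, 0xA0 + t, want_len[t]);
        off += hdr[0];
    }
    return set_rekey_data(req, off, kek);
}
int main(void) { return demo(0xE) == 0 && demo(0xC) == -EINVAL ? 0 : 1; }
```

A successful parse only means the attributes that were sent are well formed; it says nothing about which ones were sent, so the handler has to test each required slot before using it.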