CVE-2017-7184

Published: 19 March 2017

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.

From the Ubuntu security team

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.

Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.4.0-71.92)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.13.0-115.162)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by 677e806da4d916052585301785d847c3b3e6186a
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by f843ee6dd019bcece3e74e76ad9df0155655d0df
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.4.0-1012.21)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-1002.2)
linux-azure
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.11.0-1009.9)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.15.0-1023.24~14.04.1)
linux-euclid
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-9019.20)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-gcp
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.10.0-1004.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.4.0-1009.9)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.8.0-45.48~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.8.0-45.48~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1004.9)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-omap
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.4.0-71.92~14.04.1)
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-oem
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.13.0-1008.9)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.4.0-1051.58)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.4.0-1054.58)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (4.11~rc5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist