Your submission was sent successfully! Close

CVE-2017-7184

Published: 19 March 2017

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.

From the Ubuntu security team

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.

Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
artful Not vulnerable
(4.10.0-19.21)
precise
Released (3.2.0-125.168)
trusty
Released (3.13.0-115.162)
upstream
Released (4.11~rc5)
xenial
Released (4.4.0-71.92)
yakkety
Released (4.8.0-45.48)
zesty Not vulnerable
(4.10.0-19.21)
Patches:
Introduced by

d51d081d65048a7a6f9956a7809c3bb504f3b95d

Fixed by 677e806da4d916052585301785d847c3b3e6186a
Introduced by

d51d081d65048a7a6f9956a7809c3bb504f3b95d

Fixed by f843ee6dd019bcece3e74e76ad9df0155655d0df
linux-armadaxp
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was released [3.2.0-1686.113])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-aws
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Not vulnerable
(4.4.0-1002.2)
upstream
Released (4.11~rc5)
xenial
Released (4.4.0-1012.21)
yakkety Does not exist

zesty Does not exist

linux-azure
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Not vulnerable
(4.15.0-1023.24~14.04.1)
upstream
Released (4.11~rc5)
xenial Not vulnerable
(4.11.0-1009.9)
yakkety Does not exist

zesty Does not exist

linux-euclid
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial Not vulnerable
(4.4.0-9019.20)
zesty Does not exist

linux-flo
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.11~rc5)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial Not vulnerable
(4.10.0-1004.4)
yakkety Does not exist

zesty Does not exist

linux-gke
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial
Released (4.4.0-1009.9)
yakkety Does not exist

zesty Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.11~rc5)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Ignored
(abandoned)
linux-grouper
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial
Released (4.8.0-45.48~16.04.1)
yakkety Does not exist

zesty Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial
Released (4.8.0-45.48~16.04.1)
yakkety Does not exist

zesty Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial Not vulnerable
(4.4.0-1004.9)
zesty Does not exist

linux-linaro-omap
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was ignored [end-of-life])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-raring
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was ignored [end-of-life])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was ignored [end-of-life])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty
Launchpad, Ubuntu, Debian
artful Does not exist

precise
Released (3.13.0-115.162~precise1)
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [out of standard support])
upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-vivid
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [was needed now end-of-life])
upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-wily
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [out of standard support])
upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty
Released (4.4.0-71.92~14.04.1)
upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-mako
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.11~rc5)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Does not exist

linux-manta
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-oem
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial Not vulnerable
(4.13.0-1008.9)
zesty Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
artful Not vulnerable
(4.10.0-1004.6)
precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial
Released (4.4.0-1051.58)
yakkety
Released (4.8.0-1032.35)
zesty Not vulnerable
(4.10.0-1003.5)
linux-snapdragon
Launchpad, Ubuntu, Debian
artful Not vulnerable
(4.4.0-1055.59)
precise Does not exist

trusty Does not exist

upstream
Released (4.11~rc5)
xenial
Released (4.4.0-1054.58)
yakkety
Released (4.4.0-1055.59)
zesty
Released (4.4.0-1055.59)
linux-ti-omap4
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist
(precise was released [3.2.0-1503.130])
trusty Does not exist

upstream
Released (4.11~rc5)
xenial Does not exist

yakkety Does not exist

zesty Does not exist