CVE-2017-2618

Impact:
Moderate
Public Date:
2017-02-16
CWE:
CWE-193
Bugzilla:
1419916: CVE-2017-2618 kernel: Off-by-one error in selinux_setprocattr (/proc/self/attr/fscreate)
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

Find out more about CVE-2017-2618 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 due to a missing commit ( bb646cdb12e75d82258c2f2e7746d5952d3e321a ) which enabled changed system behavior.

This issue does affect Red Hat Enteprise Linux 7 and MRG-2 kernels. A future Linux kernel updates for the respective releases may address this issue.

CVSS v3 metrics

CVSS3 Base Score 5.5
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2017:0932 2017-04-12
Red Hat Enterprise Linux 7 (kernel) RHSA-2017:0933 2017-04-12
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2017:0931 2017-04-12

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected

Acknowledgements

This issue was discovered by Paul Moore (Red Hat Engineering).

Mitigation

Last Modified