CVE-2017-11600
The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3.
Find out more about CVE-2017-11600 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed or is not exploitable.
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.
CVSS v3 metrics
| CVSS3 Base Score | 5.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:1965 | 2018-06-26 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:2003 | 2018-06-26 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Will not fix |
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix |
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |