CVE-2017-15868

Impact:
Moderate
Public Date:
2014-12-19
CWE:
CWE-391
Bugzilla:
1522893: CVE-2017-15868 kernel: bnep_add_connection does not check if l2cap socket is available allowing privilege escalation
It was found that the Bluebooth Network Encapsulation Protocol (BNEP) implementation did not validate the type of second socket passed to the BNEPCONNADD ioctl(), which could lead to memory corruption. A local user with the CAP_NET_ADMIN capability can use this for denial of service (crash or data corruption) or possibly for privilege escalation. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we feel it is unlikely.

Find out more about CVE-2017-15868 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6, as namespaces feature, which is required for an attack, is not present in these products.

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE, as this flaw was already fixed in this products.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Not affected
Red Hat Enterprise Linux 7 kernel-alt Not affected
Red Hat Enterprise Linux 7 kernel Not affected
Red Hat Enterprise Linux 7 kernel-rt Not affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected
Last Modified