CVE-2017-7184

Impact:
Important
Public Date:
2017-03-29
CWE:
CWE-122
Bugzilla:
1435153: CVE-2017-7184 kernel: Out-of-bounds heap access in xfrm
Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation.

Find out more about CVE-2017-7184 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. In a default or common use of Red Hat Enterprise Linux 7 and MRG-2 this issue does not allow an unprivileged local or remote user to elevate their privileges on the system.

In order to exploit this issue the attacker needs CAP_NET_ADMIN capability, which needs to be granted especially by the administrator to the attacker's process. This in turn requires granting CAP_NET_ADMIN capability to the process' binary and/or attacker's account.

Another possibility to obtain CAP_NET_ADMIN capability in Red Hat Enterprise Linux 7 for an attacker is running a process inside a user+network namespace with mapped root privileges inside the namespace. Since Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local or remote unprivileged users also cannot abuse namespaces to grant this capability to themselves and elevate their privileges.

Given the severity of this issue, future Linux kernel updates for the Red Hat Enterprise Linux 7 and MRG-2 products are planned to address it.

CVSS v3 metrics

CVSS3 Base Score 7.8
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2017:2931 2017-10-19
Red Hat Enterprise Linux 7 (kernel) RHSA-2017:2930 2017-10-19
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2017:2918 2017-10-19

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected

Acknowledgements

Red Hat would like to thank Chaitin Security Research Lab for reporting this issue.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.