CVE-2017-7308

Impact:: Important
Public Date:: 2017-03-29
CWE:: CWE-120

Bugzilla:: 1437404: CVE-2017-7308 kernel: net/packet: overflow in check for priv area size

It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation.

Find out more about CVE-2017-7308 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect Red Hat Enterprise Linux 5.

In a default or common use of Red Hat Enterprise Linux 6 and 7 this issue does not allow an unprivileged local user elevate their privileges on the system. In order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 6 does not have namespaces support and Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse namespaces feature to grant this capability to themselves and elevate their privileges.

So, this issue does not affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 in the default configuration. Future updates for the respective releases will address this issue to secure non-default configurations.

In the non-default configuration mentioned above only Red Hat Enterprise Linux 7 is vulnerable to a privilege escalation. Red Hat Enterprise Linux 6 is vulnerable only to a denial of service (DoS) due to a system crash, hence the impact on Red Hat Enterprise Linux 6 is rated as being Moderate.

CVSS v3 metrics

CVSS3 Base Score	7
CVSS3 Base Metrics	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector	Local
Attack Complexity	High
Privileges Required	Low
User Interaction	None
Scope	Unchanged
Confidentiality	High
Integrity Impact	High
Availability Impact	High

Red Hat Security Errata

Platform	Errata	Release Date
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt)	RHSA-2017:1297	2017-05-25
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt)	RHSA-2017:1298	2017-05-25
Red Hat Enterprise Linux 6 (kernel)	RHSA-2018:1854	2018-06-19
Red Hat Enterprise Linux 7 (kernel)	RHSA-2017:1308	2017-05-25

Affected Packages State

Platform	Package	State
Red Hat Enterprise MRG 2	realtime-kernel	Affected
Red Hat Enterprise Linux 5	kernel	Not affected

External References

https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html

Last Modified 2018-08-03T09:20:15+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories