List: oss-security
Subject: Re: [oss-security] CVE-2017-7184: kernel: Local privilege escalation in XFRM framework
From: Tyler Hicks <tyhicks () canonical ! com>
Date: 2017-03-30 14:17:45
Message-ID: 73f91775-3811-b90e-66a3-69620c3b5349 () canonical ! com
A PoC is not publicly available for this issue.
Tyler
On 03/29/2017 10:18 PM, Lokesh Ubuntu wrote:
> Is there any POC for this to conclude? Thanks.
>
> Regards, Lokesh
>
> On Mar 30, 2017 03:14, "Tyler Hicks" <tyhicks@canonical.com> wrote:
>
> A security issue was reported by ZDI, on behalf of Chaitin Security
> Research Lab, against the Linux kernel in Ubuntu. It also affected the
> upstream kernel.
>
> Chaitin Security Research Lab discovered that xfrm_replay_verify_len(),
> as called by xfrm_new_ae(), did not verify that the user-specified
> replay_window was within the replay state buffer.
>
> This allowed for out-of-bounds reads and writes of kernel memory.
> Chaitin Security showed that this can lead to local privilege escalation
> by using user namespaces in order to configure XFRM. XFRM configuration
> requires CAP_NET_ADMIN so this issue is mitigated in kernels which do
> not enable user namespaces by default.
>
> Fixes:
> - https://git.kernel.org/linus/677e806da4d916052585301785d847c3b3e6186a
> - https://git.kernel.org/linus/f843ee6dd019bcece3e74e76ad9df0155655d0df
> Tyler
>
>
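Added example, not part of the original messages and not kernel source: a simplified user-space C model of the check the advisory describes as missing, namely that a user-specified replay_window must fit inside the replay state bitmap. The struct, the function names, the bmp_len field as modelled here and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption): only the two fields relevant to the check.
 * This is not the kernel's structure definition. */
struct replay_esn_model {
    uint32_t bmp_len;       /* bitmap size, in 32-bit words */
    uint32_t replay_window; /* window size in bits, supplied by the caller */
};

#define BITS_PER_WORD 32u

/* Number of bitmap words a window of this size spans.
 * Model assumption: a window of N bits addresses bits 0..N-1 of the bitmap. */
static uint64_t words_spanned(const struct replay_esn_model *r)
{
    /* 64-bit arithmetic so replay_window + 31 cannot wrap */
    return ((uint64_t)r->replay_window + BITS_PER_WORD - 1) / BITS_PER_WORD;
}

/* The bounds check: reject any window larger than the bitmap can hold.
 * Returns 0 when the update is acceptable, -1 when it must be refused. */
static int verify_replay_window(const struct replay_esn_model *r)
{
    /* 64-bit arithmetic so bmp_len * 32 cannot wrap */
    uint64_t capacity_bits = (uint64_t)r->bmp_len * BITS_PER_WORD;
    return r->replay_window > capacity_bits ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values */
    struct replay_esn_model samples[] = {
        { .bmp_len = 4, .replay_window = 128 },  /* exactly fills the bitmap */
        { .bmp_len = 4, .replay_window = 4096 }, /* far larger than the bitmap */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const struct replay_esn_model *r = &samples[i];
        printf("bmp_len=%u replay_window=%u spans %llu words: %s\n",
               r->bmp_len, r->replay_window,
               (unsigned long long)words_spanned(r),
               verify_replay_window(r) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Without the check, the second sample would be accepted even though its window spans 128 words of a 4-word bitmap, which is the out-of-bounds condition the advisory describes.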