Vulnerability Description
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.0, < 4.14.11 |
| Fedoraproject | Fedora | 27 |
| Canonical | Ubuntu Linux | 14.04 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Linux Compute Node Eus | 7.4 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 7.4 |
| Redhat | Enterprise Linux For Ibm Z Systems | 7.0 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 7.4 |
| Redhat | Enterprise Linux For Power Big Endian | 7.0 |
| Redhat | Enterprise Linux For Power Big Endian Eus | 7.4 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 7.4 |
| Redhat | Enterprise Linux For Real Time | 7.0 |
| Redhat | Enterprise Linux For Real Time For Nfv | 7 |
| Redhat | Enterprise Linux For Scientific Computing | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.4 |
| Redhat | Enterprise Linux Server Tus | 7.4 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.4 |
| Redhat | Enterprise Linux Workstation | 7.0 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b594Patch
- http://seclists.org/oss-sec/2018/q1/7Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/102485Broken Link
- https://access.redhat.com/errata/RHSA-2018:0654Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:0676Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1062Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1946Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2017-15129Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1531174Issue TrackingPatchThird Party Advisory
- https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007fPatch
- https://marc.info/?l=linux-netdev&m=151370451121029&w=2Mailing ListPatchThird Party Advisory
- https://marc.info/?t=151370468900001&r=1&w=2Mailing ListThird Party Advisory
- https://usn.ubuntu.com/3617-1/Third Party Advisory
- https://usn.ubuntu.com/3617-2/Third Party Advisory
- https://usn.ubuntu.com/3617-3/Third Party Advisory
FAQ
What is CVE-2017-15129?
CVE-2017-15129 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::c...
How severe is CVE-2017-15129?
CVE-2017-15129 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15129?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Canonical Ubuntu Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Compute Node Eus.