CVE-2017-7482 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2017-7482?

CVE-2017-7482 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-7482?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Redhat Enterprise Mrg.

Vulnerability Description

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.2.90
Debian	Debian Linux	8.0
Redhat	Enterprise Mrg	2.0

Related Weaknesses (CWE)

CWE-190

References

http://seclists.org/oss-sec/2017/q2/602Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/99299Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038787Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:0641Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fPatchVendor Advisory
https://www.debian.org/security/2017/dsa-3927Third Party Advisory
https://www.debian.org/security/2017/dsa-3945Third Party Advisory
http://seclists.org/oss-sec/2017/q2/602Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/99299Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038787Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:0641Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fPatchVendor Advisory
https://www.debian.org/security/2017/dsa-3927Third Party Advisory

FAQ

What is CVE-2017-7482?

CVE-2017-7482 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the d...

How severe is CVE-2017-7482?

CVE-2017-7482 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7482?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Redhat Enterprise Mrg.