The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
Find out more about CVE-2017-17806 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, its real-time kernel and Red Hat Enterprise MRG 2.
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.
CVSS3 Base Score | 5.5 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity Impact | None |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 (kernel-alt) | RHSA-2018:2948 | 2018-10-30 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
Red Hat Enterprise Linux 7 | kernel | Not affected |
Red Hat Enterprise Linux 6 | kernel | Not affected |
Red Hat Enterprise Linux 5 | kernel | Not affected |