
CVE-2017-7184

Published: 19/03/2017 Updated: 10/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel up to and including 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.

Vulnerable Products

linux linux_kernel 4.8
linux linux kernel

Vendor Advisories

Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (C ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
The skbs processed by ip_cmsg_recv() are not guaranteed to be linear (e.g. when sending UDP packets over loopback with MSG_MORE). Using csum_partial() on potentially the whole skb len is dangerous; instead be on the safe side and use skb_checksum(). This may lead to an infoleak as the kernel memory may be checksummed and sent as part of the packet ...
The system could be made to crash or run programs as an administrator ...
Out-of-bounds kernel heap access vulnerability was found in xfrm, the kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation ...
A local privilege escalation vulnerability has been found in the Linux kernel. Chaitin Security Research Lab discovered that xfrm_replay_verify_len(), as called by xfrm_new_ae(), did not verify that the user-specified replay_window was within the replay state buffer. This allowed for out-of-bounds reads and writes of kernel memory. Chaitin Security ...

Github Repositories

kernel-pwn [+] Some real-world vulnerability analysis: Integer Overflow in BPF (CVE-2017-16995), CVE-2017-7184 [+] some kernel PWN challenges I finished: CISCN 2017 babydriver, 0CTF 2018 final baby, QWB 2018 CTF solid_core, CSAW-2015-CTF stringipc, WCTF 2018 klist, *CTF 2019 hackme, 0CTF 2018 zer0fs (about VFS in Linux, something new for me). Vulnerability is simple, bounds memory read and

An eBPF framework to prevent discovered errors from being triggered

PET: our paper: PET: Prevent Discovered Errors from Being Triggered in the Linux Kernel. 1-evaluation: the artifact evaluation programs. 2-source-code: more implementation details. 3-user-guidance: help individuals develop new BPF prevention programs. Abstract: This artifact is applying for an Artifacts Available badge, an Artifacts Functional badge, and a Results Reproduced b

practice

some exploits for practice: cve-2015-1805; cve-2017-7184 (just a practice, should use setcap tool); cve-2017-2636 (SMAP/SMEP bypass); cve-2017-8890_v0 (with nosmep, nosmap); cve-2017-8890_v1 (with smep, nosmap); cve-2017-8890_v2 (with smep, nosmap, for SLUB); xfrm_poc RE challenge

blog

Some documents: cve-2017-7184, cve-2017-2636, exploit linux kernel double-free flaws