SB2017032821 - Out-of-bounds read in Linux kernel
Published: March 28, 2017
Description
This security bulletin contains information about one security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2017-7277)
The vulnerability allows a local user to read data or crash the application.
The vulnerability exists due to an out-of-bounds read error within the __sock_recv_timestamp() function in net/socket.c, and within the EXPORT_SYMBOL(), skb_complete_tx_timestamp() and __skb_tstamp_tx() functions in net/core/skbuff.c. A local user can exploit this to read kernel data or crash the application.
Remediation
Install the update from the vendor's website.
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc
- http://www.securityfocus.com/bid/97141
- https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a
- https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc
- https://lkml.org/lkml/2017/3/15/485
- https://patchwork.ozlabs.org/patch/740636/
- https://patchwork.ozlabs.org/patch/740639/