SB2017121540 - Fedora 26 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017121540

SB2017121540 - Fedora 26 update for kernel

Published: December 15, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017121540
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2017-17449)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace. A local attacker can leverage the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system and read arbitrary files.

2) Security restrictions bypass (CVE-ID: CVE-2017-17450)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to net/netfilter/xt_osf.c in the Linux kernel through does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. A local attacker can bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.

3) Security restrictions bypass (CVE-ID: CVE-2017-17448)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to net/netfilter/nfnetlink_cthelper.c in the Linux kernel does not require the CAP_NET_ADMIN capability for new, get, and del operations. A local attacker can bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

4) Out-of-bounds write (CVE-ID: CVE-2017-17558)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel does not consider the maximum number of configurations and interfaces before attempting to release resources. A local attacker can supply specially crafted USB device, trigger out-of-bounds write access and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Use-after-free error (CVE-ID: CVE-2017-8824)

The vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.

The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make specially crafted AF_UNSPEC connect system call during the DCCP_LISTEN state, trigger use-after-free error and gain root privileges or cause the system to crash.

Remediation

Install update from vendor's website.

References