CVE-2017-17805

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-17805
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e Patch
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html Third Party Advisory
http://www.securityfocus.com/bid/102291 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2948 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3083 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2473 Third Party Advisory
https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e Patch
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html Third Party Advisory
https://usn.ubuntu.com/3617-1/ Third Party Advisory
https://usn.ubuntu.com/3617-2/ Third Party Advisory
https://usn.ubuntu.com/3617-3/ Third Party Advisory
https://usn.ubuntu.com/3619-1/ Third Party Advisory
https://usn.ubuntu.com/3619-2/ Third Party Advisory
https://usn.ubuntu.com/3620-1/ Third Party Advisory
https://usn.ubuntu.com/3620-2/ Third Party Advisory
https://usn.ubuntu.com/3632-1/ Third Party Advisory
https://www.debian.org/security/2017/dsa-4073 Third Party Advisory
https://www.debian.org/security/2018/dsa-4082 Third Party Advisory
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 Issue Tracking Release Notes
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e Patch
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html Third Party Advisory
http://www.securityfocus.com/bid/102291 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2948 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3083 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2473 Third Party Advisory
https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e Patch
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html Third Party Advisory
https://usn.ubuntu.com/3617-1/ Third Party Advisory
https://usn.ubuntu.com/3617-2/ Third Party Advisory
https://usn.ubuntu.com/3617-3/ Third Party Advisory
https://usn.ubuntu.com/3619-1/ Third Party Advisory
https://usn.ubuntu.com/3619-2/ Third Party Advisory
https://usn.ubuntu.com/3620-1/ Third Party Advisory
https://usn.ubuntu.com/3620-2/ Third Party Advisory
https://usn.ubuntu.com/3632-1/ Third Party Advisory
https://www.debian.org/security/2017/dsa-4073 Third Party Advisory
https://www.debian.org/security/2018/dsa-4082 Third Party Advisory
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 Issue Tracking Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse_project:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
History

21 Nov 2024, 03:18

Type Values Removed Values Added
References () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e - Patch () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e - Patch
References () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html - Third Party Advisory
References () http://www.securityfocus.com/bid/102291 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/102291 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2018:2948 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2018:2948 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2018:3083 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2018:3083 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2018:3096 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2018:3096 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:2473 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2019:2473 - Third Party Advisory
References () https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e - Patch () https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e - Patch
References () https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html - Third Party Advisory () https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html - Third Party Advisory
References () https://usn.ubuntu.com/3617-1/ - Third Party Advisory () https://usn.ubuntu.com/3617-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3617-2/ - Third Party Advisory () https://usn.ubuntu.com/3617-2/ - Third Party Advisory
References () https://usn.ubuntu.com/3617-3/ - Third Party Advisory () https://usn.ubuntu.com/3617-3/ - Third Party Advisory
References () https://usn.ubuntu.com/3619-1/ - Third Party Advisory () https://usn.ubuntu.com/3619-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3619-2/ - Third Party Advisory () https://usn.ubuntu.com/3619-2/ - Third Party Advisory
References () https://usn.ubuntu.com/3620-1/ - Third Party Advisory () https://usn.ubuntu.com/3620-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3620-2/ - Third Party Advisory () https://usn.ubuntu.com/3620-2/ - Third Party Advisory
References () https://usn.ubuntu.com/3632-1/ - Third Party Advisory () https://usn.ubuntu.com/3632-1/ - Third Party Advisory
References () https://www.debian.org/security/2017/dsa-4073 - Third Party Advisory () https://www.debian.org/security/2017/dsa-4073 - Third Party Advisory
References () https://www.debian.org/security/2018/dsa-4082 - Third Party Advisory () https://www.debian.org/security/2018/dsa-4082 - Third Party Advisory
References () https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 - Issue Tracking, Release Notes () https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 - Issue Tracking, Release Notes
Information

Published : 2017-12-20 23:29

Updated : 2024-11-21 03:18

NVD link : CVE-2017-17805

Mitre link : CVE-2017-17805

CVE.ORG link : CVE-2017-17805

JSON object : View

Products Affected

suse

  • linux_enterprise_server
  • linux_enterprise_desktop
  • linux_enterprise_server_for_raspberry_pi

canonical

  • ubuntu_linux

opensuse_project

  • leap

opensuse

  • leap

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-20

Improper Input Validation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024