An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-08-13 14:15
Updated : 2024-02-28 17:08
NVD link : CVE-2017-18509
Mitre link : CVE-2017-18509
CVE.ORG link : CVE-2017-18509
JSON object : View
Products Affected
debian
- debian_linux
linux
- linux_kernel
canonical
- ubuntu_linux
CWE
CWE-20
Improper Input Validation