{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-19T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2017:1308", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1308"}, {"tags": ["x_refsource_MISC"], "url": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-07-01"}, {"name": "RHSA-2018:1854", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"name": "97234", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97234"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://patchwork.ozlabs.org/patch/744812/"}, {"name": "41994", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41994/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://patchwork.ozlabs.org/patch/744813/"}, {"name": "44654", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44654/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://patchwork.ozlabs.org/patch/744811/"}, {"name": "RHSA-2017:1298", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1298"}, {"name": "RHSA-2017:1297", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1297"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7308", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:1308", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1308"}, {"name": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html", "refsource": "MISC", "url": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html"}, {"name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01"}, {"name": "RHSA-2018:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"name": "97234", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97234"}, {"name": "https://patchwork.ozlabs.org/patch/744812/", "refsource": "CONFIRM", "url": "https://patchwork.ozlabs.org/patch/744812/"}, {"name": "41994", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41994/"}, {"name": "https://patchwork.ozlabs.org/patch/744813/", "refsource": "CONFIRM", "url": "https://patchwork.ozlabs.org/patch/744813/"}, {"name": "44654", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44654/"}, {"name": "https://patchwork.ozlabs.org/patch/744811/", "refsource": "CONFIRM", "url": "https://patchwork.ozlabs.org/patch/744811/"}, {"name": "RHSA-2017:1298", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1298"}, {"name": "RHSA-2017:1297", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1297"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:36.470Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:1308", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1308"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-07-01"}, {"name": "RHSA-2018:1854", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"name": "97234", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97234"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchwork.ozlabs.org/patch/744812/"}, {"name": "41994", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41994/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchwork.ozlabs.org/patch/744813/"}, {"name": "44654", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44654/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchwork.ozlabs.org/patch/744811/"}, {"name": "RHSA-2017:1298", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1298"}, {"name": "RHSA-2017:1297", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1297"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7308", "datePublished": "2017-03-29T20:00:00", "dateReserved": "2017-03-29T00:00:00", "dateUpdated": "2024-08-05T15:56:36.470Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9E99162-FBEA-42EC-ACAE-44EC9FA5D43C", "versionEndExcluding": "3.2.89", "versionStartIncluding": "2.6.27", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "314F9C88-C8E1-46EF-8119-538C824ED137", "versionEndExcluding": "3.10.107", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75647580-464B-4AEF-8DE2-F17D1748F182", "versionEndExcluding": "3.12.74", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "50A4478F-EC43-46DF-AE23-9298AE3F8892", "versionEndExcluding": "3.16.44", "versionStartIncluding": "3.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8104AAC1-9700-4372-8E11-37B09309A76F", "versionEndExcluding": "3.18.52", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9019BEC9-FE77-4506-A019-B8B4D8BCEBAE", "versionEndExcluding": "4.1.41", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF5669AA-0250-493C-9D38-F0B563103943", "versionEndExcluding": "4.4.66", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92A58CFB-13B7-4E99-8A14-A0308E4F126A", "versionEndExcluding": "4.9.26", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "90895EF1-9DC7-4E47-A937-405661F7A44B", "versionEndExcluding": "4.10.14", "versionStartIncluding": "4.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls."}, {"lang": "es", "value": "La funci\u00f3n packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versi\u00f3n 4.10.6, no comprueba apropiadamente ciertos datos de tama\u00f1o de bloque, lo que permite a los usuarios locales causar una denegaci\u00f3n de servicio (error de firma de enteros y escritura fuera de l\u00edmites), y alcanzar privilegios (si se mantiene la capacidad CAP_NET_RAW), por medio de llamadas de sistema dise\u00f1adas."}], "id": "CVE-2017-7308", "lastModified": "2023-02-14T18:32:40.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-29T20:59:00.373", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97234"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1297"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1298"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1308"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://patchwork.ozlabs.org/patch/744811/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://patchwork.ozlabs.org/patch/744812/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://patchwork.ozlabs.org/patch/744813/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://source.android.com/security/bulletin/2017-07-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41994/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44654/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-681"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:1854", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "moderate", "package": "kernel-0:2.6.32-754.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2018-06-19T00:00:00Z"}, {"advisory": "RHSA-2017:1298", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-514.21.1.rt56.438.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-05-25T00:00:00Z"}, {"advisory": "RHSA-2017:1308", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-514.21.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-05-25T00:00:00Z"}, {"advisory": "RHSA-2017:1297", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-514.rt56.221.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2017-05-25T00:00:00Z"}], "bugzilla": {"description": "kernel: net/packet: overflow in check for priv area size", "id": "1437404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437404"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.", "It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation."], "name": "CVE-2017-7308", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-03-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7308\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7308\nhttps://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html"], "statement": "This issue does not affect Red Hat Enterprise Linux 5.\nIn a default or common use of Red Hat Enterprise Linux 6 and 7 this issue does not allow an unprivileged local user elevate their privileges on the system. In order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 6 does not have namespaces support and Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse namespaces feature to grant this capability to themselves and elevate their privileges.\nSo, this issue does not affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 in the default configuration. Future updates for the respective releases will address this issue to secure non-default configurations.\nIn the non-default configuration mentioned above only Red Hat Enterprise Linux 7 is vulnerable to a privilege escalation. Red Hat Enterprise Linux 6 is vulnerable only to a denial of service (DoS) due to a system crash, hence the impact on Red Hat Enterprise Linux 6 is rated as being Moderate.", "threat_severity": "Important"}