CVE-2017-17806

Published: Dec 20, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.

Affected (22)

Products: Linux: Linux Kernel · Debian: Debian Linux · Opensuse: Leap · +3 more

Show all products

Linux: Linux Kernel · Debian: Debian Linux · Opensuse: Leap · Opensuse Project: Leap · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Server For Raspberry Pi · Canonical: Ubuntu Linux

1 product

1 product

1 product

1 product

3 products

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Server For Raspberry Pi

Canonical

1 product

Ubuntu Linux

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.2.97
Linux Linux Kernel	From 3.17 to 3.18.89
Linux Linux Kernel	From 3.19 to 4.1.49
Linux Linux Kernel	From 3.3 to 3.16.52
Linux Linux Kernel	From 4.10 to 4.14.8
Linux Linux Kernel	From 4.2 to 4.4.107
Linux Linux Kernel	From 4.5 to 4.9.71

Configuration B

11 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0
Opensuse Leap	Version 42.2
Opensuse Project Leap	Version 42.3
Suse Linux Enterprise Desktop	Version 12 sp2
Suse Linux Enterprise Desktop	Version 12 sp3
Suse Linux Enterprise Server	Version 11 extra
Suse Linux Enterprise Server	Version 11 sp4
Suse Linux Enterprise Server	Version 12 sp2
Suse Linux Enterprise Server	Version 12 sp3
Suse Linux Enterprise Server For Raspberry Pi	Version 12 sp2

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (42)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://www.securityfocus.com/bid/102293

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2948

Source: cve@mitre.org

Third Party Advisory

https://github.com/torvalds/linux/commit/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1

Source: cve@mitre.org

Patch

https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3583-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3583-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3617-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3617-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3617-3/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3619-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3619-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3632-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2017/dsa-4073

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4082

Source: cve@mitre.org

Third Party Advisory

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8

Source: cve@mitre.org

Issue TrackingRelease Notes

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1