CVE-2017-2618

Published: Jul 27, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

Affected (11)

Products: Linux: Linux Kernel · Debian: Debian Linux · Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation

1 product

1 product

6 products

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 4.9.10

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.3
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References (16)

http://www.securityfocus.com/bid/96272

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:0931

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:0932

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:0933

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125

Source: secalert@redhat.com

PatchVendor Advisory

https://marc.info/?l=selinux&m=148588165923772&w=2

Source: secalert@redhat.com

PatchThird Party Advisory

https://www.debian.org/security/2017/dsa-3791

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/96272

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:0931

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:0932

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:0933

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://marc.info/?l=selinux&m=148588165923772&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.debian.org/security/2017/dsa-3791

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.