PublicDateAtUSN: 2019-08-13 Candidate: CVE-2017-18509 PublicDate: 2019-08-13 14:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18509 https://git.kernel.org/linus/99253eb750fda6a644d5188fb26c43bad8d5a745 https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745 https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745 https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html https://lists.openwall.net/netdev/2017/12/04/40 https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32 https://www.debian.org/security/2019/dsa-4497 https://ubuntu.com/security/notices/USN-4145-1 Description: An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. Ubuntu-Description: It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Notes: Bugs: Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH] nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH] Patches_linux: break-fix: d1db275dd3f6e4182c4c4b4a1ac6287925d60569 99253eb750fda6a644d5188fb26c43bad8d5a745 upstream_linux: released (4.11~rc1) precise/esm_linux: ignored (was needed ESM criteria) trusty_linux: ignored (out of standard support) trusty/esm_linux: ignored (was needed ESM criteria) xenial_linux: released (4.4.0-165.193) esm-infra/xenial_linux: released (4.4.0-165.193) bionic_linux: not-affected (4.13.0-16.19) disco_linux: not-affected (4.18.0-10.11) devel_linux: not-affected (5.0.0-13.14) Patches_linux-hwe: upstream_linux-hwe: released (4.11~rc1) precise/esm_linux-hwe: DNE trusty_linux-hwe: DNE trusty/esm_linux-hwe: DNE xenial_linux-hwe: released (4.13.0-26.29~16.04.2) esm-infra/xenial_linux-hwe: released (4.13.0-26.29~16.04.2) bionic_linux-hwe: not-affected (4.18.0-13.14~18.04.1) disco_linux-hwe: DNE devel_linux-hwe: DNE Patches_linux-hwe-edge: upstream_linux-hwe-edge: released (4.11~rc1) precise/esm_linux-hwe-edge: DNE trusty_linux-hwe-edge: DNE trusty/esm_linux-hwe-edge: DNE xenial_linux-hwe-edge: released (4.13.0-26.29~16.04.2) esm-infra/xenial_linux-hwe-edge: released (4.13.0-26.29~16.04.2) bionic_linux-hwe-edge: not-affected (5.0.0-15.16~18.04.1) disco_linux-hwe-edge: DNE devel_linux-hwe-edge: DNE Patches_linux-lts-xenial: upstream_linux-lts-xenial: released (4.11~rc1) precise/esm_linux-lts-xenial: DNE trusty_linux-lts-xenial: ignored (out of standard support) trusty/esm_linux-lts-xenial: ignored (was needed ESM criteria) xenial_linux-lts-xenial: DNE bionic_linux-lts-xenial: DNE disco_linux-lts-xenial: DNE devel_linux-lts-xenial: DNE Patches_linux-lts-trusty: upstream_linux-lts-trusty: released (4.11~rc1) precise/esm_linux-lts-trusty: ignored (was needed ESM criteria) trusty_linux-lts-trusty: DNE trusty/esm_linux-lts-trusty: DNE xenial_linux-lts-trusty: DNE bionic_linux-lts-trusty: DNE disco_linux-lts-trusty: DNE devel_linux-lts-trusty: DNE Patches_linux-oem: upstream_linux-oem: released (4.11~rc1) precise/esm_linux-oem: DNE trusty_linux-oem: DNE trusty/esm_linux-oem: DNE xenial_linux-oem: ignored (was needs-triage now end-of-life) bionic_linux-oem: not-affected (4.15.0-1002.3) disco_linux-oem: not-affected (4.15.0-1021.24) devel_linux-oem: not-affected (4.15.0-1035.40) Patches_linux-kvm: upstream_linux-kvm: released (4.11~rc1) precise/esm_linux-kvm: DNE trusty_linux-kvm: DNE trusty/esm_linux-kvm: DNE xenial_linux-kvm: released (4.4.0-1059.66) esm-infra/xenial_linux-kvm: released (4.4.0-1059.66) bionic_linux-kvm: not-affected (4.15.0-1002.2) disco_linux-kvm: not-affected (4.18.0-1003.3) devel_linux-kvm: not-affected (5.0.0-1004.4) Patches_linux-aws: upstream_linux-aws: released (4.11~rc1) precise/esm_linux-aws: DNE trusty_linux-aws: ignored (out of standard support) trusty/esm_linux-aws: ignored (was needed ESM criteria) xenial_linux-aws: released (4.4.0-1095.106) esm-infra/xenial_linux-aws: released (4.4.0-1095.106) bionic_linux-aws: not-affected (4.15.0-1001.1) disco_linux-aws: not-affected (4.18.0-1002.3) devel_linux-aws: not-affected (5.0.0-1004.4) Patches_linux-aws-hwe: upstream_linux-aws-hwe: released (4.11~rc1) precise/esm_linux-aws-hwe: DNE trusty_linux-aws-hwe: DNE trusty/esm_linux-aws-hwe: DNE xenial_linux-aws-hwe: not-affected (4.15.0-1030.31~16.04.1) esm-infra/xenial_linux-aws-hwe: not-affected (4.15.0-1030.31~16.04.1) bionic_linux-aws-hwe: DNE disco_linux-aws-hwe: DNE devel_linux-aws-hwe: DNE Patches_linux-azure: upstream_linux-azure: released (4.11~rc1) precise/esm_linux-azure: DNE trusty_linux-azure: ignored (out of standard support) trusty/esm_linux-azure: not-affected (4.15.0-1023.24~14.04.1) xenial_linux-azure: not-affected (4.11.0-1009.9) esm-infra/xenial_linux-azure: not-affected (4.11.0-1009.9) bionic_linux-azure: not-affected (4.15.0-1002.2) disco_linux-azure: not-affected (4.18.0-1003.3) devel_linux-azure: not-affected (5.0.0-1004.4) Patches_linux-azure-edge: upstream_linux-azure-edge: released (4.11~rc1) precise/esm_linux-azure-edge: DNE trusty_linux-azure-edge: DNE trusty/esm_linux-azure-edge: DNE xenial_linux-azure-edge: not-affected (4.11.0-1009.9) bionic_linux-azure-edge: not-affected (4.15.0-1002.2) disco_linux-azure-edge: DNE devel_linux-azure-edge: DNE Patches_linux-gcp: upstream_linux-gcp: released (4.11~rc1) precise/esm_linux-gcp: DNE trusty_linux-gcp: DNE trusty/esm_linux-gcp: DNE xenial_linux-gcp: released (4.13.0-1002.5) esm-infra/xenial_linux-gcp: released (4.13.0-1002.5) bionic_linux-gcp: not-affected (4.15.0-1001.1) disco_linux-gcp: not-affected (4.18.0-1002.3) devel_linux-gcp: not-affected (5.0.0-1004.4) Patches_linux-gcp-edge: upstream_linux-gcp-edge: released (4.11~rc1) precise/esm_linux-gcp-edge: DNE trusty_linux-gcp-edge: DNE trusty/esm_linux-gcp-edge: DNE xenial_linux-gcp-edge: DNE bionic_linux-gcp-edge: not-affected (4.15.0-1001.1) disco_linux-gcp-edge: DNE devel_linux-gcp-edge: DNE Patches_linux-gke-4.15: upstream_linux-gke-4.15: released (4.11~rc1) precise/esm_linux-gke-4.15: DNE trusty_linux-gke-4.15: DNE trusty/esm_linux-gke-4.15: DNE xenial_linux-gke-4.15: DNE bionic_linux-gke-4.15: not-affected (4.15.0-1030.32) disco_linux-gke-4.15: DNE devel_linux-gke-4.15: DNE Patches_linux-gke-5.0: upstream_linux-gke-5.0: released (4.11~rc1) precise/esm_linux-gke-5.0: DNE trusty_linux-gke-5.0: DNE trusty/esm_linux-gke-5.0: DNE xenial_linux-gke-5.0: DNE bionic_linux-gke-5.0: not-affected (5.0.0-1011.11~18.04.1) disco_linux-gke-5.0: DNE devel_linux-gke-5.0: DNE Patches_linux-oracle: upstream_linux-oracle: released (4.11~rc1) precise/esm_linux-oracle: DNE trusty_linux-oracle: DNE trusty/esm_linux-oracle: DNE xenial_linux-oracle: not-affected (4.15.0-1007.9~16.04.1) esm-infra/xenial_linux-oracle: not-affected (4.15.0-1007.9~16.04.1) bionic_linux-oracle: not-affected (4.15.0-1007.9) disco_linux-oracle: not-affected (4.15.0-1007.9) devel_linux-oracle: not-affected (4.15.0-1011.13) Patches_linux-raspi2: upstream_linux-raspi2: released (4.11~rc1) precise/esm_linux-raspi2: DNE trusty_linux-raspi2: DNE trusty/esm_linux-raspi2: DNE xenial_linux-raspi2: released (4.4.0-1123.132) bionic_linux-raspi2: not-affected (4.13.0-1005.5) disco_linux-raspi2: not-affected (4.18.0-1005.7) devel_linux-raspi2: not-affected (5.0.0-1006.6) Patches_linux-snapdragon: upstream_linux-snapdragon: released (4.11~rc1) precise/esm_linux-snapdragon: DNE trusty_linux-snapdragon: DNE trusty/esm_linux-snapdragon: DNE xenial_linux-snapdragon: released (4.4.0-1127.135) bionic_linux-snapdragon: released (4.15.0-1053.57) disco_linux-snapdragon: not-affected (5.0.0-1010.10) devel_linux-snapdragon: not-affected (5.0.0-1010.10)