CVE-2017-7477 (retired)

Priority
Description
Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in
the Linux kernel through 4.10.12 allows attackers to cause a denial of
service or possibly have unspecified other impact by leveraging the use of
a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature,
leading to an error in the skb_to_sgvec function.
Ubuntu-Description
Jason Donenfeld discovered a heap overflow in the MACsec module in the
Linux kernel. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.
Notes
 sbeattie> MITIGATION: blacklist the MACsec kernel module
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Patches:
Introduced by c09440f7dcb304002dfced8c0fea289eb25f2da0; Fixed by 4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
Introduced by c09440f7dcb304002dfced8c0fea289eb25f2da0; Fixed by 5294b83086cc1c35b4efeca03644cf9d12282e5b
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.8.0-52.55~16.04.1)
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.8.0-52.55~16.04.1)
Package
linux-krillin:not-affected
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
linux-vegetahd:not-affected
Updated: 2019-05-15 17:24:54 UTC (commit 2d71aefac924bf16479c12958688c37878e881eb)