CVE-2017-17449
kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
Descriptions
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Jan H. Schonherr discovered that the Xen subsystem did not handle block I/O merges correctly in some situations. An attacker in a guest VM could use this to cause a denial of service or possibly gain administrative privileges in the host. Various other issues were also addressed.
Timeline
- 2017-12-06 CVE Reserved
- 2017-12-07 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-284: Improper Access Control
References (19)
URL | Tag
---|---
http://www.securityfocus.com/bid/102122 | Third Party Advisory
https://lkml.org/lkml/2017/12/5/950 | Mailing List
https://source.android.com/security/bulletin/pixel/2018-04-01 | X_refsource_confirm

URL | Date
---|---
https://access.redhat.com/errata/RHSA-2018:0654 | 2018-05-31
https://access.redhat.com/errata/RHSA-2018:0676 | 2018-05-31
https://access.redhat.com/errata/RHSA-2018:1062 | 2018-05-31
https://access.redhat.com/errata/RHSA-2018:1130 | 2018-05-31
https://access.redhat.com/errata/RHSA-2018:1170 | 2018-05-31
https://usn.ubuntu.com/3619-1 | 2018-05-31
https://usn.ubuntu.com/3619-2 | 2018-05-31
https://usn.ubuntu.com/3653-1 | 2018-05-31
https://usn.ubuntu.com/3653-2 | 2018-05-31
https://usn.ubuntu.com/3655-1 | 2018-05-31
https://usn.ubuntu.com/3655-2 | 2018-05-31
https://usn.ubuntu.com/3657-1 | 2018-05-31
https://www.debian.org/security/2017/dsa-4073 | 2018-05-31
https://www.debian.org/security/2018/dsa-4082 | 2018-05-31
https://access.redhat.com/security/cve/CVE-2017-17449 | 2018-04-17
https://bugzilla.redhat.com/show_bug.cgi?id=1525762 | 2018-04-17
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Linux | Linux Kernel | <= 4.14.4 | - | Affected