CVE-2017-18075
kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
crypto/pcrypt.c en el kernel de Linux en versiones anteriores a la 4.14.13 gestiona de manera incorrecta la liberación de instancias, lo que permite que un usuario local acceda a la interfaz AEAD basada en AF_ALG (CONFIG_CRYPTO_USER_API_AEAD) y pcrypt (CONFIG_CRYPTO_PCRYPT) para provocar una denegación de servicio (kfree de un puntero incorrecto) o, posiblemente, causar otro tipo de impacto sin especificar mediante la ejecución de una secuencia manipulada de llamadas del sistema.
crypto/pcrypt.c in the Linux kernel, before 4.14.13, mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-24 CVE Reserved
- 2018-01-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-628: Function Call with Incorrectly Specified Arguments
- CWE-763: Release of Invalid Pointer or Reference
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102813 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2948 | 2023-02-07 | |
| https://usn.ubuntu.com/3619-1 | 2023-02-07 | |
| https://usn.ubuntu.com/3619-2 | 2023-02-07 | |
| https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13 | 2023-02-07 | |
| https://access.redhat.com/security/cve/CVE-2017-18075 | 2018-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1539508 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.111 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.111" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.76" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.13" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||