CVE-2017-15129
CVSS v3.1
4.7 (Medium)
CVSS v2.0
4.9 (Medium)
EPSS
0.04 % (11th)
Affected Products
20
Advisories
14
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
Weaknesses
- CWE-362
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2018-01-09 19:29:00
(6 years ago) - Updated Date
-
2024-02-08 02:07:55
(7 months ago)
Affected Products
- Enterprise Linux
- Enterprise Linux Compute Node Eus
- Enterprise Linux Desktop
- Enterprise Linux Eus
- Enterprise Linux For Ibm Z Systems
- Enterprise Linux For Ibm Z Systems Eus
- Enterprise Linux For Power Big Endian
- Enterprise Linux For Power Big Endian Eus
- Enterprise Linux For Power Little Endian Eus
- Enterprise Linux For Real Time
- Enterprise Linux For Real Time For Nfv
- Enterprise Linux For Scientific Computing
- Enterprise Linux Server
- Enterprise Linux Server Aus
- Enterprise Linux Server Tus
- Enterprise Linux Server Update Services For Sap Solutions
- Enterprise Linux Workstation
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...