1. Home
  2. Vulnerabilities
  3. CVE-2017-7184

CVE-2017-7184

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.15 % (52th)
0.15% Progress
Affected Products 2
Advisories 46
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2017-03-19 18:59:00
(7 years ago)
Updated Date
2023-02-10 00:53:24
(19 months ago)

Affected Products

Canonical

Linux

Configuration #1

AND
    CPE23 From Up To
OR  
  Linux Kernel 4.8 cpe:2.3:o:linux:linux_kernel:4.8
OR  
  Running on/with
  Canonical Ubuntu Linux 16.10 cpe:2.3:o:canonical:ubuntu_linux:16.10

Configuration #2

AND
    CPE23 From Up To
OR  
  Linux Kernel prior 3.2.89 version cpe:2.3:o:linux:linux_kernel < 3.2.89
OR  
  Running on/with
  Linux Kernel from 3.3 version and prior 3.10.106 version cpe:2.3:o:linux:linux_kernel >= 3.3 < 3.10.106
OR  
  Running on/with
  Linux Kernel from 3.11 version and prior 3.12.73 version cpe:2.3:o:linux:linux_kernel >= 3.11 < 3.12.73
OR  
  Running on/with
  Linux Kernel from 3.13 version and prior 3.16.44 version cpe:2.3:o:linux:linux_kernel >= 3.13 < 3.16.44
OR  
  Running on/with
  Linux Kernel from 3.17 version and prior 3.18.49 version cpe:2.3:o:linux:linux_kernel >= 3.17 < 3.18.49
OR  
  Running on/with
  Linux Kernel from 3.19 version and prior 4.1.49 version cpe:2.3:o:linux:linux_kernel >= 3.19 < 4.1.49
OR  
  Running on/with
  Linux Kernel from 4.2 version and prior 4.4.59 version cpe:2.3:o:linux:linux_kernel >= 4.2 < 4.4.59
OR  
  Running on/with
  Linux Kernel from 4.5 version and prior 4.9.20 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.20
OR  
  Running on/with
  Linux Kernel from 4.10 version and prior 4.10.8 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.10.8