CVE-2017-18509

Summary

CVE	CVE-2017-18509
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-08-13 14:15:00 UTC
Updated	2023-11-07 02:41:00 UTC
Description	An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All

References

Reference	Source	Link	Tags
netdev - net/ipv4: general protection fault in inet_csk_listen_stop	MISC	lists.openwall.net	Mailing List, Third Party Advisory
Debian -- Security Information -- DSA-4497-1 linux	DEBIAN	www.debian.org	Third Party Advisory
Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet Storm	MISC	packetstormsecurity.com	Third Party Advisory, VDB Entry
support.f5.com/csp/article/K41582535	CONFIRM	support.f5.com	Third Party Advisory
Linux Kernel 4.9 - inet_csk_listen_stop GPF (CVE-2017-18509)	MISC	pulsesecurity.co.nz	Exploit, Third Party Advisory
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt (baefcdc2) · Commits · Debian kernel team / linux · GitLab	MISC	salsa.debian.org	Third Party Advisory
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt · torvalds/linux@99253eb · GitHub	MISC	github.com	Patch, Third Party Advisory
Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)	BUGTRAQ	seclists.org	Mailing List, Third Party Advisory
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org	Patch, Vendor Advisory
[SECURITY] [DLA 1884-1] linux security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
myF5		support.f5.com
[SECURITY] [DLA 1885-1] linux-4.9 security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
support.f5.com/csp/article/K41582535	CONFIRM	support.f5.com	Third Party Advisory
USN-4145-1: Linux kernel vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

610317 Google Android Devices February 2021 Security Patch Missing
610323 Google Android March 2021 Security Patch Missing for LGE
610324 Google Android March 2021 Security Patch Missing for Huawei EMUI
610325 Google Android March 2021 Security Patch Missing for Samsung
671064 EulerOS Security Update for kernel (EulerOS-SA-2019-2599)