Fedora 25 update for kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-5897 CVE-2017-5986 |
| CWE-ID | CWE-125 CWE-617 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system kernel Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU5675
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-5897
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to boundary error when processing GRE packets in ip6gre_err() function in net/ipv6/ip6_gre.c. A remote attacker can send specially crafted GRE packets to IPv6 interface, trigger out-of-bounds read and obtain memory contents or cause denial of service.Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information, stored in RAM, such as passwords, encryption keys, etc.
Mitigation
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
kernel: before 4.9.9-200.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-fb89ca752a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Assertion failure
EUVDB-ID: #VU5868
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5986
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to cause kernel panic.
The vulnerability exists due to a race condition in the sctp_wait_for_sndbuf() function in net/sctp/socket.c in the Linux kernel before 4.9.11. A local user can use userspace application to trigger a BUG_ON() system call if the socket tx buffer is full and cause kernel panic.
Successful exploitation of this vulnerability may result in denial of service condition.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
kernel: before 4.9.9-200.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-fb89ca752a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
