Main Vulnerability Database SB2017020942

SB2017020942 - Fedora 25 update for kernel

Published: February 9, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017020942

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2017-5897)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.

The vulnerability exists due to boundary error when processing GRE packets in ip6gre_err() function in net/ipv6/ip6_gre.c. A remote attacker can send specially crafted GRE packets to IPv6 interface, trigger out-of-bounds read and obtain memory contents or cause denial of service.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information, stored in RAM, such as passwords, encryption keys, etc.

2) Assertion failure (CVE-ID: CVE-2017-5986)

The vulnerability allows a local user to cause kernel panic.

The vulnerability exists due to a race condition in the sctp_wait_for_sndbuf() function in net/sctp/socket.c in the Linux kernel before 4.9.11. A local user can use userspace application to trigger a BUG_ON() system call if the socket tx buffer is full and cause kernel panic.

Successful exploitation of this vulnerability may result in denial of service condition.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2017-fb89ca752a