Fedora 25 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-1000251 CVE-2017-12153 CVE-2017-12154 |
| CWE-ID | CWE-121 CWE-476 CWE-264 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system kernel Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU8329
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-1000251
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary code on the host system.
The weakness exists due to a stack-based buffer overflow in the processing of L2CAP configuration. An adjacent attacker can submit a specially crafted Bluetooth protocol, trigger memory corruption in the Bluetooth stack and execute arbitrary code in kernel space.
Successful exploitation of the vulnerability may result in host system compromise.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
kernel: before 4.12.13-200.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-e07d7fb18e
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) NULL pointer dereference
EUVDB-ID: #VU8694
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12153
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
A security flaw was discovered in the nl80211_set_rekey_data() function
in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This
function does not check whether the required attributes are present in
a Netlink request. This request can be issued by a user with the
CAP_NET_ADMIN capability and may result in a NULL pointer dereference
and system crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
kernel: before 4.12.13-200.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-e07d7fb18e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper privilege management
EUVDB-ID: #VU8696
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12154
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel
through 4.13.3 does not ensure that the "CR8-load exiting" and
"CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits
the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users
to obtain read and write access to the hardware CR8 register.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
kernel: before 4.12.13-200.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-e07d7fb18e
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
