Main Vulnerability Database Vulnerabilities #VU7585

#VU7585 Buffer overflow in Linux kernel - CVE-2017-7541

Published: July 25, 2017 / Updated: July 25, 2017

Vulnerability identifier: #VU7585

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-7541

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system with elevated privileges.

The vulnerability exists due to boundary error in brcmf_cfg80211_mgmt_tx() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3. A local user can create a specially crafted NL80211_CMD_FRAME Netlink packet and trigger DoS conditions or execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may allow an attacker to obtain elevated privileges.

Remediation

Update to version 4.12.3.

External links

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e...

#VU7585 Buffer overflow in Linux kernel - CVE-2017-7541

Description

Remediation

External links

Please verify you're human