CVE-2017-12153

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.
References
Link Resource
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888 Issue Tracking Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1491046 Issue Tracking Patch Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=1058410 Issue Tracking Patch Third Party Advisory
http://seclists.org/oss-sec/2017/q3/437 Mailing List Patch Third Party Advisory
https://marc.info/?t=150525503100001&r=1&w=2 Patch Third Party Advisory
http://www.securityfocus.com/bid/100855 Third Party Advisory VDB Entry
http://www.debian.org/security/2017/dsa-3981 Third Party Advisory
https://usn.ubuntu.com/3583-2/ Third Party Advisory
https://usn.ubuntu.com/3583-1/ Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Information

Published : 2017-09-21 08:29

Updated : 2019-10-09 16:22


NVD link : CVE-2017-12153

Mitre link : CVE-2017-12153


JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

linux

  • linux_kernel