An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2019-08-13 07:15
Updated : 2023-02-07 14:01
NVD link : CVE-2017-18509
Mitre link : CVE-2017-18509
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
linux
- linux_kernel