#VU6612 Heap-based buffer overflow in Linux kernel - CVE-2017-7477


Vulnerability identifier: #VU6612

Vulnerability risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-7477

CWE-ID: CWE-122

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a remote attacker on the local network execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in the skb_to_sgvec() function in the MACsec driver. A remote attacker can use a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.9.1 - 4.9.29, 4.10.0 - 4.10.12

External links
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for Linux Kernel
Red Hat update for kernel
Remote code execution in Linux kernel
Ubuntu update for Linux kernel (HWE)
Ubuntu update for Linux kernel
Fedora 26 update for kernel
Fedora 24 update for kernel
Fedora 25 update for kernel