Bug 617506 (CVE-2017-2671)

Summary: Kernel CVE-2017-2671 ping socket / AF_LLC connect() sin_family race
Product: Gentoo Security
Reporter: Volkan <vBugZilla>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1436649
Whiteboard:
Package list:
Runtime testing required: ---

Description Volkan 2017-05-04 18:24:17 UTC
A race condition, leading to a NULL pointer dereference, was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to corrupt kernel memory leading to a kernel crash or privilege escalation. 

References:

http://seclists.org/oss-sec/2017/q1/675

CVE assignment:

http://seclists.org/oss-sec/2017/q2/17

Patch:

http://seclists.org/oss-sec/2017/q1/677

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=43a6684519ab0a6c52024b5e25322476cabad893

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43a6684519ab0a6c52024b5e25322476cabad893

Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 23:00:37 UTC
Fix in 4.9.26, 4.11