Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
2017-10-05T01:29:04.430
2025-04-20T01:37:25.860
Deferred
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | < 3.2.92 | Yes |
| Operating System | linux | linux_kernel | < 3.10.108 | Yes |
| Operating System | linux | linux_kernel | < 3.16.47 | Yes |
| Operating System | linux | linux_kernel | < 3.18.65 | Yes |
| Operating System | linux | linux_kernel | < 4.1.44 | Yes |
| Operating System | linux | linux_kernel | < 4.4.82 | Yes |
| Operating System | linux | linux_kernel | < 4.9.43 | Yes |
| Operating System | linux | linux_kernel | < 4.12.7 | Yes |
| Operating System | redhat | enterprise_linux | 5.0 | Yes |
| Operating System | redhat | enterprise_linux | 6.0 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 7.5 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |