CVE-2017-16939

HIGH

Linux kernel <4.13.11 - Privilege Escalation/DoS

Title source: llm

Description

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

Exploits (2)

exploitdb WORKING POC

by SecuriTeam · locallinux

https://www.exploit-db.com/exploits/44049

View Code ZIP pw:eip

github WORKING POC 3 stars

by TamiiLambrado · cpoc

https://github.com/TamiiLambrado/CVE-pocs/tree/master/CVE-2017-16939-ipsec-xfrm.c

View Code ZIP pw:eip

References (14)

[Patch, Technical Description] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Nov/40

[Patch, Vendor Advisory] http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101954

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1318

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1355

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:1170

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:1190

[Exploit, Patch, Third Party Advisory] https://blogs.securiteam.com/index.php/archives/3535

[Issue Tracking, Third Party Advisory] https://bugzilla.suse.com/show_bug.cgi?id=1069702

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4082

Scores

CVSS v3 7.8

EPSS 0.1016

EPSS Percentile 93.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (2)

debian/debian_linux 8.0

linux/linux_kernel 2.6.28 - 3.2.97

Published Nov 24, 2017

Tracked Since Feb 18, 2026