CVE-2017-17806

{"id": "CVE-2017-17806", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-12-20T23:29:00.377", "references": [{"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/102293", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2948", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/torvalds/linux/commit/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3583-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3583-2/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3617-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3617-2/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3617-3/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3619-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3619-2/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3632-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2017/dsa-4073", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4082", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8", "tags": ["Issue Tracking", "Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization."}, {"lang": "es", "value": "La implementaci\u00f3n HMAC (crypto/hmac.c) en el kernel de Linux en versiones anteriores a la 4.14.8 no valida que el algoritmo de hash criptogr\u00e1fico subyacente no tenga clave, lo que permite que un atacante local capaz de utilizar la interfaz hash basada en AF_ALG (CONFIG_CRYPTO_USER_API_HASH) y el algoritmo hash basado en SHA-3 (CONFIG_CRYPTO_SHA3) provoque un desbordamiento de b\u00fafer de pila de kernel ejecutando una secuencia manipulada de llamadas al sistema para encontrar una inicializaci\u00f3n SHA-3 ausente."}], "lastModified": "2023-01-19T16:26:25.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B86887F-D4E3-4F47-98BC-697EE11A74CE", "versionEndExcluding": "3.2.97"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B97C01AC-F470-4190-AC38-30DE3DFDCCAC", "versionEndExcluding": "3.16.52", "versionStartIncluding": "3.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBA93779-9E2C-4161-9DC3-569588ECB754", "versionEndExcluding": "3.18.89", "versionStartIncluding": "3.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3C1F309-D954-4BB7-AC02-30FC58BE76F9", "versionEndExcluding": "4.1.49", "versionStartIncluding": "3.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEE9C869-86BF-4DBF-8EBB-FC14AD5A7019", "versionEndExcluding": "4.4.107", "versionStartIncluding": "4.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A25E81B4-C400-4932-8841-3116C21DF3DF", "versionEndExcluding": "4.9.71", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "342F6BB8-126D-4E05-915F-4CDC362F5C51", "versionEndExcluding": "4.14.8", "versionStartIncluding": "4.10"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"}, {"criteria": "cpe:2.3:o:opensuse_project:leap:42.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8CD4569-8BFA-4654-9CAB-2882D4CAE57D"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57CFAD92-EECD-417D-ADDB-8178C320B204"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1DCD75C-9775-4922-8A44-C4707C640946"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD1AEFA5-9D43-4DD2-9088-7B37D5F220C4"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F84B2729-7B52-4505-9656-1BD31B980705"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "631BB7F0-5F27-4244-8E72-428DA824C75B"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4605D055-EA6E-4C90-9277-AC067E1BD02D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}