CVE-2017-15129
Description
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
Risk Information
Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.078
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3468-3) linux-image-gcp_4.13.0.1012.14_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-aws_4.4.0.1054.56_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-kvm_4.4.0.1020.19_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-generic_4.4.0.119.125_i386.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-generic_4.4.0.119.125_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-lowlatency_4.4.0.119.125_i386.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-lowlatency_4.4.0.119.125_amd64.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-gke_4.13.0.1012.14_amd64.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-generic_4.4.0.119.125_i386.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-generic_4.4.0.119.125_amd64.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-lowlatency_4.4.0.119.125_i386.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-lowlatency_4.4.0.119.125_amd64.deb | Linux |
| Linux kernel (LSN-0033-1) linux-image-gcp_4.13.0.1012.14_amd64.deb | Linux |
| Linux kernel (USN-3617-1) linux-image-generic_4.13.0.38.41_i386.deb | Linux |
| Linux kernel (USN-3617-1) linux-image-generic_4.13.0.38.41_amd64.deb | Linux |
| Linux kernel (USN-3617-1) linux-image-lowlatency_4.13.0.38.41_amd64.deb | Linux |
| Linux kernel (USN-3617-1) linux-image-4.13.0-38-generic_4.13.0-38.43_i386.deb | Linux |
| Linux kernel (USN-3617-1) linux-image-4.13.0-38-generic_4.13.0-38.43_amd64.deb | Linux |
| Linux kernel (USN-3617-1) linux-image-4.13.0-38-lowlatency_4.13.0-38.43_i386.deb | Linux |
| Linux kernel (USN-3617-1) linux-image-4.13.0-38-lowlatency_4.13.0-38.43_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3617-2) linux-image-oem_4.13.0.1022.26_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3617-2) linux-image-4.13.0-1012-gcp_4.13.0-1012.16_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3617-2) linux-image-4.13.0-1022-oem_4.13.0-1022.24_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3617-2) linux-image-4.13.0-38-generic_4.13.0-38.43~16.04.1_i386.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3617-2) linux-image-4.13.0-38-generic_4.13.0-38.43~16.04.1_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3617-2) linux-image-4.13.0-38-lowlatency_4.13.0-38.43~16.04.1_i386.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3617-2) linux-image-4.13.0-38-lowlatency_4.13.0-38.43~16.04.1_amd64.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-1020-kvm_4.4.0-1020.25_amd64.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-1054-aws_4.4.0-1054.63_amd64.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-119-generic_4.4.0-119.143_i386.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-119-generic_4.4.0-119.143_amd64.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-119-lowlatency_4.4.0-119.143_i386.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-119-lowlatency_4.4.0-119.143_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-aws_4.4.0.1016.16_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-1016-aws_4.4.0-1016.16_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-119-generic_4.4.0-119.143~14.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-119-generic_4.4.0-119.143~14.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-119-lowlatency_4.4.0-119.143~14.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-119-lowlatency_4.4.0-119.143~14.04.1_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3632-1) linux-image-azure_4.13.0.1014.16_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3632-1) linux-image-4.13.0-1014-azure_4.13.0-1014.17_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234