Home

CVE-2017-7482

Description

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.161

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (LSN-0026-1) linux-image-generic_4.4.0.87.93_i386.debLinux
Linux kernel (LSN-0026-1) linux-image-generic_4.4.0.87.93_amd64.debLinux
Linux kernel (LSN-0026-1) linux-image-lowlatency_4.4.0.87.93_i386.debLinux
Linux kernel (LSN-0026-1) linux-image-lowlatency_4.4.0.87.93_amd64.debLinux
Linux kernel (LSN-0026-1) linux-image-4.4.0-87-generic_4.4.0-87.110_i386.debLinux
Linux kernel (LSN-0026-1) linux-image-4.4.0-87-generic_4.4.0-87.110_amd64.debLinux
Linux kernel (LSN-0026-1) linux-image-4.4.0-87-lowlatency_4.4.0-87.110_i386.debLinux
Linux kernel (LSN-0026-1) linux-image-4.4.0-87-lowlatency_4.4.0-87.110_amd64.debLinux
Linux kernel (USN-3377-1) linux-image-4.10.0-30-generic_4.10.0-30.34_i386.debLinux
Linux kernel (USN-3377-1) linux-image-4.10.0-30-generic_4.10.0-30.34_amd64.debLinux
Linux kernel (USN-3377-1) linux-image-4.10.0-30-lowlatency_4.10.0-30.34_i386.debLinux
Linux kernel (USN-3377-1) linux-image-4.10.0-30-lowlatency_4.10.0-30.34_amd64.debLinux
Linux hardware enablement (HWE) kernel (USN-3377-2) linux-image-4.10.0-30-generic_4.10.0-30.34~16.04.1_i386.debLinux
Linux hardware enablement (HWE) kernel (USN-3377-2) linux-image-4.10.0-30-generic_4.10.0-30.34~16.04.1_amd64.debLinux
Linux hardware enablement (HWE) kernel (USN-3377-2) linux-image-4.10.0-30-lowlatency_4.10.0-30.34~16.04.1_i386.debLinux
Linux hardware enablement (HWE) kernel (USN-3377-2) linux-image-4.10.0-30-lowlatency_4.10.0-30.34~16.04.1_amd64.debLinux
Linux kernel (USN-3378-1) linux-image-4.4.0-1024-gke_4.4.0-1024.24_amd64.debLinux
Linux kernel (USN-3378-1) linux-image-4.4.0-1028-aws_4.4.0-1028.37_amd64.debLinux
Linux kernel (USN-3378-1) linux-image-4.4.0-89-generic_4.4.0-89.112_i386.debLinux
Linux kernel (USN-3378-1) linux-image-4.4.0-89-generic_4.4.0-89.112_amd64.debLinux
Linux kernel (USN-3378-1) linux-image-4.4.0-89-lowlatency_4.4.0-89.112_i386.debLinux
Linux kernel (USN-3378-1) linux-image-4.4.0-89-lowlatency_4.4.0-89.112_amd64.debLinux
Linux hardware enablement kernel from Xenial for Trusty (USN-3378-2) linux-image-4.4.0-89-generic_4.4.0-89.112~14.04.1_i386.debLinux
Linux hardware enablement kernel from Xenial for Trusty (USN-3378-2) linux-image-4.4.0-89-generic_4.4.0-89.112~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Xenial for Trusty (USN-3378-2) linux-image-4.4.0-89-lowlatency_4.4.0-89.112~14.04.1_i386.debLinux
Linux hardware enablement kernel from Xenial for Trusty (USN-3378-2) linux-image-4.4.0-89-lowlatency_4.4.0-89.112~14.04.1_amd64.debLinux
Linux kernel (USN-3381-1) linux-image-3.13.0-126-generic_3.13.0-126.175_i386.debLinux
Linux kernel (USN-3381-1) linux-image-3.13.0-126-generic_3.13.0-126.175_amd64.debLinux
Linux kernel (USN-3381-1) linux-image-3.13.0-126-lowlatency_3.13.0-126.175_i386.debLinux
Linux kernel (USN-3381-1) linux-image-3.13.0-126-lowlatency_3.13.0-126.175_amd64.debLinux
Dtrace-modules-3.8.13-118.20.3.el6uek update (ELSA-2018-4040) dtrace-modules-3.8.13-118.20.3.el6uek-0.4.5-3.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-118.20.3.el7uek update (ELSA-2018-4040) dtrace-modules-3.8.13-118.20.3.el7uek-0.4.5-3.el7.x86_64.rpmLinux
Dtrace-modules-3.8.13-118.21.1.el6uek update (ELSA-2018-4109) dtrace-modules-3.8.13-118.21.1.el6uek-0.4.5-3.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-118.21.1.el7uek update (ELSA-2018-4109) dtrace-modules-3.8.13-118.21.1.el7uek-0.4.5-3.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234