oss-sec mailing list archives

CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in iscsi_if_rx()


From: Vladis Dronov <vdronov () redhat com>
Date: Fri, 22 Sep 2017 10:14:26 -0400 (EDT)

Hello,

It was found that the iscsi_if_rx() function in 'drivers/scsi/scsi_transport_iscsi.c'
in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause
a denial of service (a system panic) by making a number of certain syscalls by
leveraging incorrect length validation in the kernel code.

Our tests show that indeed an unprivileged local user can easily (i.e. by running a binary)
cause a system panic or a complete lock-up. A wide range of kernel versions is affected, from
v2.6.24-rc1 to the latest ones.
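To make the bug class concrete, here is an added example (not the kernel's scsi_transport_iscsi.c code and not the upstream patch) of the three length checks a netlink receive path needs before it touches a message payload: enough bytes for a header, a declared nlmsg_len that covers header plus the expected payload, and a declared length that does not exceed what was actually received. The header layout and alignment macros are local copies of the <linux/netlink.h> definitions so the file builds stand-alone; struct demo_event, validate_msg and count_valid_msgs are hypothetical names, and the messages are constructed in the test.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Local copies of the netlink header layout and alignment macros, so the
 * example builds without kernel headers (mirrors <linux/netlink.h>). */
struct nl_hdr {
    uint32_t nlmsg_len;   /* total length, header included, as declared by the sender */
    uint16_t nlmsg_type;
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;
};
#define NL_ALIGNTO 4U
#define NL_ALIGN(len) (((len) + NL_ALIGNTO - 1) & ~(NL_ALIGNTO - 1))
#define NL_HDRLEN ((size_t)NL_ALIGN(sizeof(struct nl_hdr)))

/* Hypothetical fixed-size event payload expected right after the header. */
struct demo_event {
    uint32_t type;
    uint32_t arg;
};

enum parse_result { PARSE_OK = 0, PARSE_SHORT_HEADER, PARSE_BAD_LEN, PARSE_TRUNCATED };

/* Validate one message in buf[0..buflen). Checks, in order:
 *  1. enough bytes were received for a header at all;
 *  2. the sender-declared length covers header + payload;
 *  3. the declared length does not run past the received bytes.
 * The payload is copied out only after all three pass. */
enum parse_result validate_msg(const uint8_t *buf, size_t buflen, struct demo_event *out)
{
    struct nl_hdr nlh;
    if (buflen < NL_HDRLEN)
        return PARSE_SHORT_HEADER;
    memcpy(&nlh, buf, sizeof nlh);               /* no alignment assumptions on buf */
    if (nlh.nlmsg_len < NL_HDRLEN + sizeof(struct demo_event))
        return PARSE_BAD_LEN;                    /* too small for the expected payload */
    if (nlh.nlmsg_len > buflen)
        return PARSE_TRUNCATED;                  /* claims more than was received */
    memcpy(out, buf + NL_HDRLEN, sizeof *out);
    return PARSE_OK;
}

/* Walk a buffer holding several messages, stopping at the first invalid one;
 * returns how many were accepted. Advances by the aligned declared length,
 * as netlink does; a zero or undersized length is rejected above, so the
 * loop cannot spin in place. */
size_t count_valid_msgs(const uint8_t *buf, size_t buflen)
{
    size_t n = 0;
    while (buflen >= NL_HDRLEN) {
        struct demo_event ev;
        uint32_t len;
        if (validate_msg(buf, buflen, &ev) != PARSE_OK)
            break;
        memcpy(&len, buf, sizeof len);           /* nlmsg_len is the first field */
        n++;
        size_t step = NL_ALIGN(len);
        if (step > buflen)
            step = buflen;                       /* last message may be unpadded */
        buf += step;
        buflen -= step;
    }
    return n;
}

/* Constructed sample: write a header with an arbitrary declared length followed
 * by a demo_event payload. Returns the bytes written (0 if dst is too small). */
size_t build_msg(uint8_t *dst, size_t dstlen, uint32_t declared_len, uint32_t ev_type)
{
    size_t need = NL_HDRLEN + sizeof(struct demo_event);
    if (dstlen < need)
        return 0;
    struct nl_hdr nlh = { .nlmsg_len = declared_len, .nlmsg_type = 1 };
    struct demo_event ev = { .type = ev_type, .arg = 0 };
    memcpy(dst, &nlh, sizeof nlh);
    memcpy(dst + NL_HDRLEN, &ev, sizeof ev);
    return need;
}

int main(void)
{
    uint8_t buf[64] = {0};
    struct demo_event ev;
    size_t n = build_msg(buf, sizeof buf, 24, 7);       /* honest length */
    printf("honest: %d\n", validate_msg(buf, n, &ev));   /* 0 = PARSE_OK */
    build_msg(buf, sizeof buf, 16, 7);                  /* header-only length */
    printf("undersized: %d\n", validate_msg(buf, n, &ev));
    build_msg(buf, sizeof buf, 4096, 7);                /* oversized length */
    printf("oversized: %d\n", validate_msg(buf, n, &ev));
    return 0;
}
```

The point of the ordering is that the declared length is attacker-controlled input from an unprivileged socket, so it is compared against both the fixed payload size and the received byte count before any field past the header is read; a parser that trusts nlmsg_len for either bound is the pattern this advisory describes.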

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1490421

https://www.suse.com/security/cve/CVE-2017-14489/

https://nvd.nist.gov/vuln/detail/CVE-2017-14489

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14489

A suggested upstream patch:

https://patchwork.kernel.org/patch/9923803/

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

