ByteOS Network

NVD Vulnerability Details :

CVE-2017-2618

Modified

Source-secalert@redhat.com

Published At-27 Jul, 2018 | 19:29

Updated At-12 Feb, 2023 | 23:29

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Linux Kernel Organization, Inc

>>linux_kernel>>Versions before 4.9.10(exclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>7.0

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>7.0

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>7.3

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>7.4

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.3

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.4

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.5

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-193	Primary	secalert@redhat.com
CWE-682	Secondary	nvd@nist.gov

CWE ID: CWE-193

Type: Primary

Source: secalert@redhat.com

CWE ID: CWE-682

Type: Secondary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/96272	secalert@redhat.com	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:0931	secalert@redhat.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0932	secalert@redhat.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0933	secalert@redhat.com	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618	secalert@redhat.com	Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125	secalert@redhat.com	Patch Vendor Advisory
https://marc.info/?l=selinux&m=148588165923772&w=2	secalert@redhat.com	Patch Third Party Advisory
https://www.debian.org/security/2017/dsa-3791	secalert@redhat.com	Third Party Advisory