Memory Corruption Vulnerability in Linux Kernel Affects Kerberos 5 Ticket Processing
CVE-2017-7482

7.1HIGH

Key Information:

Vendor

[unknown]

Status
Kernel:
Vendor
CVE Published:
30 July 2018

What is CVE-2017-7482?

In the Linux kernel prior to version 4.12, an issue was identified in the decoding of Kerberos 5 tickets when utilizing the RXRPC keys. The vulnerability arises from an incorrect assumption regarding the size of a field, leading to a potential wrap-around of the size-remaining variable. This flaw may result in the data pointer exceeding the bounds of the buffer and impairing memory integrity, which could facilitate unauthorized privilege escalation.

Affected Version(s)

kernel: 4.12

References

http://www.securityfocus.com/bid/99299
vdb-entryx_refsource_BID
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038787
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.