公告ID: KYLIN-2017-18509
安全等级: 重要
产品: Kylin V3
发布日期: 2019年8月20日
CVE: CVE-2017-18509
CVSS3评分: 7.2
概述:
At this time none of the Kylin Enterprse Linux shipping releases are vulnerable to the described flaw. 描述:
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. A flaw was found in the Linux kernel’s net/ipv6/ip6mr.c function where setting a specific socket option can cause an inet_csk_listen_stop general protection fault. An attacker with CAP_NET_ADMIN style privileges inside a container, can crash the system or execute arbitrary code when issuing a specially crafted call to configure ipv6 multicast routing. 系统版本:
KYLIN 3.3.x
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.3.x
KYLIN 3.4.x
KYLIN 3.4.x
受影响包列表:
kernel-alt
kernel
kernel
kernel-rt
kernel
kernel-rt
kernel