NVD Vulnerability Detail

CVE-2017-7487

Summary	The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
Publication Date	May 15, 2017, 7:29 a.m.
Registration Date	Jan. 26, 2021, 1:28 p.m.
Last Update	Nov. 21, 2024, 12:32 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80	Patch
2	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80	Patch
3	http://www.debian.org/security/2017/dsa-3886	Third Party Advisory
4	http://www.debian.org/security/2017/dsa-3886	Third Party Advisory
5	http://www.securityfocus.com/bid/98439	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/98439	Third Party Advisory VDB Entry
7	http://www.securitytracker.com/id/1039237	Third Party Advisory VDB Entry
8	http://www.securitytracker.com/id/1039237	Third Party Advisory VDB Entry
9	https://bugzilla.redhat.com/show_bug.cgi?id=1447734	Issue Tracking Patch
10	https://bugzilla.redhat.com/show_bug.cgi?id=1447734	Issue Tracking Patch
11	https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80	Issue Tracking Patch Vendor Advisory
12	https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80	Issue Tracking Patch Vendor Advisory
13	https://patchwork.ozlabs.org/patch/757549/	Patch
14	https://patchwork.ozlabs.org/patch/757549/	Patch
15	https://source.android.com/security/bulletin/2017-09-01	Third Party Advisory
16	https://source.android.com/security/bulletin/2017-09-01	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html

JVN Vulnerability Information

Linux Kernel の net/ipx/af_ipx.c の ipxitf_ioctl 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	Linux Kernel の net/ipx/af_ipx.c の ipxitf_ioctl 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	Linux Kernel の net/ipx/af_ipx.c の ipxitf_ioctl 関数は、リファレンスカウントを誤って処理するため、サービス運用妨害 (解放済みメモリの使用 (Use-after-free)) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。
Possible impacts	ローカルユーザにより、IPX インターフェースへの失敗した SIOCGIFADDR ioctl コールを介して、サービス運用妨害 (解放済みメモリの使用 (Use-after-free)) 状態にされるなど、不特定の影響を受ける可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 2, 2017, midnight
Registration Date	June 19, 2017, 11:48 a.m.
Last Update	June 19, 2017, 11:48 a.m.

Affected System

Linux

Linux Kernel 4.11.1 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-7487	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7487
National Vulnerability Database (NVD)
2	CVE-2017-7487	https://nvd.nist.gov/vuln/detail/CVE-2017-7487

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-416	https://cwe.mitre.org/data/definitions/416.html

ベンダー情報

No	Name	URL
GitHub
1	ipx: call ipxitf_put() in ioctl error path	https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80
Linux Kernel
2	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
3	ipx: call ipxitf_put() in ioctl error path	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80
Patchwork Linux network development
4	ipx: call ipxitf_put() in ioctl error path	https://patchwork.ozlabs.org/patch/757549/
Red Hat Bugzilla
5	Bug 1447734	https://bugzilla.redhat.com/show_bug.cgi?id=1447734

Change Log

No	Changed Details	Date of change
0	[2017年06月19日] 掲載	Feb. 17, 2018, 10:37 a.m.