The Linux kernel is prone to a local privilege-escalation vulnerability.
Local attackers may exploit this issue to gain root privileges.
Linux Kernel version 4.8 is vulnerable; other versions may also be affected.
Information
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS
Ubuntu linux-meta package 4.8.0.41.52
SuSE Linux Enterprise Workstation Extension 12 SP1
SuSE Linux Enterprise Software Development Kit 12 SP2
SuSE Linux Enterprise Software Development Kit 12 SP1
SuSE Linux Enterprise Server for SAP 12
SuSE Linux Enterprise Server for Raspberry Pi 12-SP2
SuSE Linux Enterprise Server 12-SP2
SuSE Linux Enterprise Server 12-SP1
SuSE Linux Enterprise Server 12-LTSS
SuSE Linux Enterprise Module for Public Cloud 12
SuSE Linux Enterprise Live Patching 12
SuSE Linux Enterprise High Availability 12-SP2
SuSE Linux Enterprise Desktop 12-SP2
SuSE Linux Enterprise Desktop 12-SP1
Redhat Enterprise Mrg 2
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
Redhat Enterprise Linux 5
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
openSUSE Leap 42.1
OpenStack Cloud Magnum Orchestration 7
Linux kernel 4.8
Google Pixel XL 0
Google Pixel C 0
Google Pixel 0
Google Nexus 9
Google Nexus 6P
Google Nexus 6
Google Nexus 5X
Google Android One 0
Exploit
Exploitation of this issue was demonstrated at the Pwn2own contest, but the exploit is not publicly available.
References:
- CVE-2017-7184: kernel: Local privilege escalation in XFRM framework (Tyler Hicks)
- Linux kernel Homepage (kernel.org)
- Android Security Bulletin – May 2017 (Android)
- PWN2OWN 2017 (zerodayinitiative)
- Re: information about pwn2own Kernel problem (Seclists.org)
- The Results – Pwn2Own 2017 Day One (trendmicro)
- Ubuntu Linux Falls on Day 1 of Pwn2Own Hacking Competition (eweek)
- ZDI-17-240: (Pwn2Own) Linux Kernel XFRM Out-Of-Bounds Access Privilege Escalatio (Zero Day Initiative)