{ "id": "CVE-2017-17805", "sourceIdentifier": "cve@mitre.org", "published": "2017-12-20T23:29:00.327", "lastModified": "2023-01-19T15:45:33.937", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable." }, { "lang": "es", "value": "El algoritmo de cifrado Salsa20 en el kernel de Linux en versiones anteriores a la 4.14.8 no maneja correctamente las entradas de longitud cero, lo que permite a un atacante local capaz de utilizar la interfaz skcipher basada en AF_ALG (CONFIG_CRYPTO_USER_API_SKCIPHER) provocar una denegaci\u00f3n de servicio (liberaci\u00f3n de memoria no inicializada y fallo del kernel) o provocar otro impacto no especificado ejecutando una secuencia manipulada de llamadas al sistema que utilizan la API blkcipher_walk. Tanto la implementaci\u00f3n gen\u00e9rica (crypto/salsa20_generic.c) como la implementaci\u00f3n x86 (arch/x86/crypto/salsa20_glue.c) de Salsa20 eran vulnerables." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "3.2.97", "matchCriteriaId": "9C38EF6C-BEB1-4C3B-965F-1BA7A9E0F84C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "3.16.52", "matchCriteriaId": "B97C01AC-F470-4190-AC38-30DE3DFDCCAC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "3.18.89", "matchCriteriaId": "BBA93779-9E2C-4161-9DC3-569588ECB754" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "4.1.49", "matchCriteriaId": "F3C1F309-D954-4BB7-AC02-30FC58BE76F9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "4.4.107", "matchCriteriaId": "EEE9C869-86BF-4DBF-8EBB-FC14AD5A7019" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "4.9.71", "matchCriteriaId": "A25E81B4-C400-4932-8841-3116C21DF3DF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "4.14.8", "matchCriteriaId": "342F6BB8-126D-4E05-915F-4CDC362F5C51" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" }, { "vulnerable": true, "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:opensuse_project:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8CD4569-8BFA-4654-9CAB-2882D4CAE57D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "matchCriteriaId": "57CFAD92-EECD-417D-ADDB-8178C320B204" }, { "vulnerable": true, "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "matchCriteriaId": "C1DCD75C-9775-4922-8A44-C4707C640946" }, { "vulnerable": true, "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:*", "matchCriteriaId": "AD1AEFA5-9D43-4DD2-9088-7B37D5F220C4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*", "matchCriteriaId": "F84B2729-7B52-4505-9656-1BD31B980705" }, { "vulnerable": true, "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*", "matchCriteriaId": "631BB7F0-5F27-4244-8E72-428DA824C75B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*", "matchCriteriaId": "4605D055-EA6E-4C90-9277-AC067E1BD02D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886" } ] } ] } ], "references": [ { "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/102291", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://access.redhat.com/errata/RHSA-2018:2948", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2018:3083", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2018:3096", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2019:2473", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/3617-1/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/3617-2/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/3617-3/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/3619-1/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/3619-2/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/3620-1/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/3620-2/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/3632-1/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2017/dsa-4073", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2018/dsa-4082", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Release Notes" ] } ] }