CVE-2017-17449
Publication date 6 December 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
From the Ubuntu Security Team
It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic).
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-119.143
|
|
14.04 LTS trusty |
Fixed 3.13.0-149.199
|
|
linux-armadaxp | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-1054.63
|
|
14.04 LTS trusty |
Fixed 4.4.0-1016.16
|
|
linux-azure | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.13.0-1018.21
|
|
14.04 LTS trusty |
Not affected
|
|
linux-euclid | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-flo | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.13.0-1017.21
|
|
14.04 LTS trusty | Not in release | |
linux-gke | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-goldfish | 18.04 LTS bionic | Not in release |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-grouper | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.13.0-43.48~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | 18.04 LTS bionic |
Fixed 4.18.0-8.9~18.04.1
|
16.04 LTS xenial |
Fixed 4.13.0-43.48~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-kvm | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-1020.25
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-saucy | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored | |
linux-lts-wily | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-119.143~14.04.1
|
|
linux-maguro | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-manta | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.13.0-1028.31
|
|
14.04 LTS trusty | Not in release | |
linux-qcm-msm | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-1086.94
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-1088.93
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.7 · Medium |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3653-1
- Linux kernel vulnerabilities
- 22 May 2018
- USN-3657-1
- Linux kernel (Raspberry Pi 2) vulnerabilities
- 22 May 2018
- USN-3655-1
- Linux kernel vulnerabilities
- 22 May 2018
- USN-3619-2
- Linux kernel (Xenial HWE) vulnerabilities
- 5 April 2018
- USN-3619-1
- Linux kernel vulnerabilities
- 4 April 2018
- USN-3653-2
- Linux kernel (HWE) vulnerabilities
- 22 May 2018
- USN-3655-2
- Linux kernel (Trusty HWE) vulnerabilities
- 22 May 2018