CVE-2017-16939

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-16939

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16939.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-16939

Downstream

DEBIAN-CVE-2017-16939

DLA-1200-1

DSA-4082-1

RHSA-2018:0654

RHSA-2018:1318

RHSA-2018:1355

RHSA-2019:1170

RHSA-2019:1190

SUSE-SU-2017:3210-1

SUSE-SU-2017:3225-1

SUSE-SU-2017:3226-1

SUSE-SU-2017:3249-1

SUSE-SU-2017:3284-1

SUSE-SU-2017:3285-1

SUSE-SU-2017:3286-1

SUSE-SU-2017:3287-1

SUSE-SU-2017:3288-1

SUSE-SU-2017:3289-1

SUSE-SU-2017:3290-1

SUSE-SU-2017:3291-1

SUSE-SU-2017:3292-1

SUSE-SU-2017:3293-1

SUSE-SU-2017:3295-1

SUSE-SU-2017:3296-1

SUSE-SU-2017:3297-1

SUSE-SU-2017:3299-1

SUSE-SU-2017:3300-1

SUSE-SU-2017:3301-1

SUSE-SU-2017:3302-1

SUSE-SU-2017:3303-1

SUSE-SU-2017:3304-1

SUSE-SU-2017:3305-1

SUSE-SU-2017:3306-1

SUSE-SU-2017:3307-1

SUSE-SU-2017:3308-1

SUSE-SU-2017:3309-1

SUSE-SU-2017:3310-1

SUSE-SU-2017:3312-1

SUSE-SU-2017:3313-1

SUSE-SU-2017:3314-1

SUSE-SU-2017:3316-1

SUSE-SU-2017:3317-1

SUSE-SU-2017:3318-1

SUSE-SU-2017:3319-1

SUSE-SU-2017:3320-1

SUSE-SU-2017:3321-1

SUSE-SU-2017:3322-1

SUSE-SU-2017:3323-1

SUSE-SU-2017:3324-1

SUSE-SU-2017:3332-1

SUSE-SU-2017:3336-1

SUSE-SU-2017:3337-1

SUSE-SU-2017:3338-1

SUSE-SU-2017:3340-1

SUSE-SU-2018:0011-1

SUSE-SU-2018:0040-1

SUSE-SU-2018:0180-1

SUSE-SU-2018:0213-1

SUSE-SU-2018:0237-1

SUSE-SU-2018:0238-1

SUSE-SU-2018:0239-1

SUSE-SU-2018:0240-1

SUSE-SU-2018:0241-1

SUSE-SU-2018:0242-1

SUSE-SU-2018:0244-1

SUSE-SU-2018:0245-1

SUSE-SU-2018:0249-1

SUSE-SU-2018:0250-1

SUSE-SU-2018:0251-1

SUSE-SU-2018:0252-1

SUSE-SU-2018:0253-1

SUSE-SU-2018:0265-1

SUSE-SU-2018:0266-1

SUSE-SU-2018:0268-1

SUSE-SU-2018:0269-1

SUSE-SU-2018:0270-1

SUSE-SU-2018:0271-1

SUSE-SU-2018:0272-1

SUSE-SU-2018:0273-1

SUSE-SU-2018:0274-1

SUSE-SU-2018:0275-1

SUSE-SU-2018:0276-1

SUSE-SU-2018:0277-1

SUSE-SU-2018:0278-1

SUSE-SU-2018:0280-1

SUSE-SU-2018:0281-1

SUSE-SU-2018:0282-1

SUSE-SU-2018:0296-1

SUSE-SU-2018:0297-1

SUSE-SU-2018:0340-1

SUSE-SU-2018:0345-1

SUSE-SU-2018:0346-1

SUSE-SU-2018:0347-1

SUSE-SU-2019:0148-1

SUSE-SU-2019:0320-1

UBUNTU-CVE-2017-16939

USN-3507-2

USN-3508-2

USN-3509-1

USN-3509-2

USN-3510-1

USN-3511-1

Related

Published

2017-11-24T10:29:00.213Z

Modified

2026-03-15T22:15:30.084108Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The XFRM dump policy implementation in net/xfrm/xfrmuser.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SORCVBUF setsockopt system call in conjunction with XFRMMSGGETPOLICY Netlink messages.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16939.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "2.6.28"
            },
            {
                "fixed": "3.2.97"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.3"
            },
            {
                "fixed": "3.16.52"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.17"
            },
            {
                "fixed": "3.18.86"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.19"
            },
            {
                "fixed": "4.1.48"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.2"
            },
            {
                "fixed": "4.4.104"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.5"
            },
            {
                "fixed": "4.9.60"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.10"
            },
            {
                "fixed": "4.13.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]