CVE-2017-17805

HIGH EPSS 34.4%
Published Dec 20, 20178y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Dec 20, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
34.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 22

VendorProductVersionRange
linuxlinux_kernel*≥2.6.25  –  <3.2.97
linuxlinux_kernel*≥3.3  –  <3.16.52
linuxlinux_kernel*≥3.17  –  <3.18.89
linuxlinux_kernel*≥3.19  –  <4.1.49
linuxlinux_kernel*≥4.2  –  <4.4.107
linuxlinux_kernel*≥4.5  –  <4.9.71
linuxlinux_kernel*≥4.10  –  <4.14.8
debiandebian_linux8.0any
debiandebian_linux9.0any
opensuseleap42.2any
opensuse_projectleap42.3any
suselinux_enterprise_desktop12any
suselinux_enterprise_desktop12any
suselinux_enterprise_server11any
suselinux_enterprise_server11any
suselinux_enterprise_server12any
suselinux_enterprise_server12any
suselinux_enterprise_server_for_raspberry_pi12any
canonicalubuntu_linux12.04any
canonicalubuntu_linux14.04any
canonicalubuntu_linux16.04any
canonicalubuntu_linux17.10any

References 24

  • git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e
    Patch
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/102291
    Third Party AdvisoryVDB Entry
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:2948
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:3083
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:3096
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:2473
    Third Party Advisory
  • github.com https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3617-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3617-2/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3617-3/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3619-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3619-2/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3620-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3620-2/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3632-1/
    Third Party Advisory
  • debian.org https://www.debian.org/security/2017/dsa-4073
    Third Party Advisory
  • debian.org https://www.debian.org/security/2018/dsa-4082
    Third Party Advisory
  • kernel.org https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
    Issue TrackingRelease Notes

Remediation

  • git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e
    Patch
  • github.com https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e
    Patch