CVE-2017-17805

Advisory lineage Upstream: 0 Downstream: 22
Modified
Published: 20 Dec 2017, 23:00
Last modified:05 Aug 2024, 20:59

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

20 Dec 2017, 23:00
Published
Vulnerability first disclosed
05 Aug 2024, 20:59
Last Modified
Vulnerability information updated

Description

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0HIGHScore: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.03% Percentile: 9%

Techniques & Countermeasures

  • CWE-20Improper Input Validation

    The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

  • canonicalubuntu_linux

    12.04 | 14.04 | 16.04 | 17.10

  • debiandebian_linux

    8.0 | 9.0

  • linuxlinux_kernel

    ≥ 2.6.25, < 3.2.97 | ≥ 3.3, < 3.16.52 | ≥ 3.17, < 3.18.89 | ≥ 3.19, < 4.1.49 | ≥ 4.2, < 4.4.107 | ≥ 4.5, < 4.9.71 | ≥ 4.10, < 4.14.8

  • opensuse_projectleap

    42.3

  • opensuseleap

    42.2

  • suselinux_enterprise_desktop

    12:sp2 | 12:sp3

  • suselinux_enterprise_server

    11:extra | 11:sp4 | 12:sp2 | 12:sp3

  • suselinux_enterprise_server_for_raspberry_pi

    12:sp2

References (24)