NVD

Vulnerability Change Records for CVE-2017-15129

Action	Type	Old Value	New Value
Added	CVSS V3		Red Hat, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Removed	CWE	Red Hat, Inc. CWE-362
Removed	CWE Reason	CWE-362 / Assessment performed prior to CVMAP efforts
Changed	Description	A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.	A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.