suse · CVE-2017-15129

Quick triage

Priority: medium Published: 2021-05-30 14:02:57 UTC Updated: 2025-03-25 00:45:28 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-15129 severity moderate: SUSE including 143 source package names (cluster-md-kmp-default-4.12.14-120.1, cluster-md-kmp-default-4.4.114-92.64.1, …), 281 product×package rows across 59 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 12 SP2, … (59 product lines)): Fixed 191, Known Not Affected 90.

Description:

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.

cvelogic Threat Intelligence