CVE-2017-0553

07.04.2017, 22:59

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7 HIGH	LOCAL	HIGH	NONE	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Affected Products (NVD)

Vendor	Product	Version
google	android	5.0
google	android	5.0.1
google	android	5.0.2
google	android	5.1
google	android	5.1.0
google	android	5.1.1
google	android	6.0
google	android	6.0.1
google	android	7.0
google	android	7.1.0
google	android	7.1.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libnl3

bookworm	3.7.0-0.2 fixed
bullseye	3.4.0-1 fixed
sid	3.7.0-0.3 fixed
trixie	3.7.0-0.3 fixed

Ubuntu Releases

Ubuntu Product

Codename

libnl

artful	dne
bionic	dne
cosmic	dne
disco	dne
precise	Fixed 1.1-7+deb7u1build0.12.04.1 released
trusty	dne
xenial	dne
yakkety	dne
zesty	dne

libnl3

artful	Fixed 3.2.29-0ubuntu3 released
bionic	Fixed 3.2.29-0ubuntu3 released
cosmic	Fixed 3.2.29-0ubuntu3 released
disco	Fixed 3.2.29-0ubuntu3 released
precise	ignored
trusty	Fixed 3.2.21-1ubuntu4.1 released
xenial	Fixed 3.2.27-1ubuntu0.16.04.1 released
yakkety	Fixed 3.2.27-1ubuntu0.16.10.1 released
zesty	Fixed 3.2.29-0ubuntu2.1 released

Red Hat Enterprise Linux Releases

Red Hat Product

Release

NetworkManager

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-adsl

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-bluetooth

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-config-server

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-dispatcher-routing-rules

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-glib

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-glib-devel

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-libnm

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-libnm-devel

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-libreswan

RHEL 7

0:1.2.4-2.el7

fixed

NetworkManager-libreswan-gnome

RHEL 7

0:1.2.4-2.el7

fixed

NetworkManager-ppp

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-team

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-tui

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-wifi

RHEL 7

1:1.8.0-9.el7

fixed

NetworkManager-wwan

RHEL 7

1:1.8.0-9.el7

fixed

libnl3

RHEL 7

0:3.2.28-4.el7

fixed

libnl3-cli

RHEL 7

0:3.2.28-4.el7

fixed

libnl3-devel

RHEL 7

0:3.2.28-4.el7

fixed

libnl3-doc

RHEL 7

0:3.2.28-4.el7

fixed

libnm-gtk

RHEL 7

0:1.8.0-3.el7

fixed

libnm-gtk-devel

RHEL 7

0:1.8.0-3.el7

fixed

libnma

RHEL 7

0:1.8.0-3.el7

fixed

libnma-devel

RHEL 7

0:1.8.0-3.el7

fixed

network-manager-applet

RHEL 7

0:1.8.0-3.el7

fixed

nm-connection-editor

RHEL 7

0:1.8.0-3.el7

fixed

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb

http://lists.infradead.org/pipermail/libnl/2017-May/002313.html

http://www.securityfocus.com/bid/97340

http://www.securitytracker.com/id/1038201

http://www.ubuntu.com/usn/USN-3311-2

https://access.redhat.com/errata/RHSA-2017:2299

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/

https://source.android.com/security/bulletin/2017-04-01

https://usn.ubuntu.com/usn/usn-3311-1/

http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb

http://lists.infradead.org/pipermail/libnl/2017-May/002313.html

http://www.securityfocus.com/bid/97340

http://www.securitytracker.com/id/1038201

http://www.ubuntu.com/usn/USN-3311-2

https://access.redhat.com/errata/RHSA-2017:2299

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/

https://source.android.com/security/bulletin/2017-04-01

https://usn.ubuntu.com/usn/usn-3311-1/