Synology-SA-17:16 Linux kernel

Publish Time: 2017-05-12 00:00:00 UTC+8

Last Updated: 2017-05-12 12:00:00 UTC+8

Severity
Moderate
Status
Resolved

Abstract

CVE-2017-7308 is a heap overflow vulnerability in the Linux kernel that local users in DDSM may exploit to escalate privileges or escape from DDSM.

Affected

  • Products
    • DDSM
  • Models
    • FS3017, FS2017, RS4017xs+, RS18017xs+, RS3617xs+, RS3617xs, RS3617RPxs, DS3617xs, DS1817+, DS1517+, RS18016xs+, RS2416+, RS2416RP+, DS916+, DS716+II, DS716+, DS216+II, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815+, RS815RP+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS2414+, RS2414RP+, RS814+, RS814RP+, DS2413+, RS10613xs+, RS3413xs+, DS1813+, DS1513+, DS713+, DS3612xs, RS3412xs, RS3412RPxs, RS2212+, RS2212RP+, DS1812+, DS1512+, RS812+, RS812RP+, DS412+, DS712+, DS3611xs, DS2411+, RS3411xs, RS3411RPxs, RS2211+, RS2211RP+, DS1511+, DS411+II, DS411+, DS1010+, RS810+, RS810RP+, DS710+

Description

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
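For reviewers auditing similar size checks, the following added example is a simplified user-space model of the integer signedness error named above, shown beside a widened comparison that rejects the same input. It is not Synology's or the kernel's own code; the function names, the 48-byte header constant and the sample sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed per-block header length for this model (not taken from the advisory). */
#define MODEL_BLK_HDR_LEN 48u

/* Round up to a multiple of 8 in 32-bit arithmetic; wraps on overflow. */
static uint32_t align8_u32(uint32_t x) { return (x + 7u) & ~7u; }

/* Header plus private area, computed in 32 bits. */
static uint32_t hdr_plus_priv_u32(uint32_t sizeof_priv)
{
    return MODEL_BLK_HDR_LEN + align8_u32(sizeof_priv);
}

/*
 * Flawed pattern: subtract in unsigned 32-bit, cast the result to a signed
 * int, and reject only when it is <= 0. A very large private-area size makes
 * the wrapped difference look like a small positive number.
 * Returns 1 if the request is accepted, 0 if it is rejected.
 */
int accept_signed_cast(uint32_t block_size, uint32_t sizeof_priv)
{
    uint32_t diff = block_size - hdr_plus_priv_u32(sizeof_priv);
    if ((int32_t)diff <= 0)
        return 0;
    return 1;
}

/* Hardened pattern: widen to 64 bits and compare directly, no subtraction. */
int accept_widened(uint32_t block_size, uint32_t sizeof_priv)
{
    uint64_t need = (uint64_t)MODEL_BLK_HDR_LEN +
                    (((uint64_t)sizeof_priv + 7u) & ~(uint64_t)7u);
    if ((uint64_t)block_size <= need)
        return 0;
    return 1;
}

int main(void)
{
    const uint32_t priv[] = { 0u, 8192u, 0xC0000000u };  /* constructed samples */
    for (int i = 0; i < 3; i++)
        printf("priv=0x%08x signed_cast=%d widened=%d\n", (unsigned)priv[i],
               accept_signed_cast(4096u, priv[i]), accept_widened(4096u, priv[i]));
    return 0;
}
```

With a 4096-byte block, both checks agree on the small and moderately oversized private areas; only the signed-cast version accepts the constructed value 0xC0000000, where the private area is far larger than the block that is supposed to contain it.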

Mitigation

None

Update Availability

Synology will release a DSM 6.1 update (6.1.1-15101-03) to address this issue in the next few weeks.

References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7308
http://seclists.org/oss-sec/2017/q1/697
https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html