CVE-2017-14106 in Linuxinfo

Summary

by MITRE

The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 12/27/2022

The vulnerability identified as CVE-2017-14106 represents a critical flaw in the Linux kernel's TCP implementation that affects systems running versions prior to 4.12. This issue resides within the tcp_disconnect function located in the net/ipv4/tcp.c file, demonstrating a classic divide-by-zero error condition that can be exploited to trigger system crashes and denial of service conditions. The flaw specifically manifests when a local user executes a disconnect operation through a particular tcp_recvmsg code path, creating a scenario where the kernel's TCP stack fails to properly handle certain edge cases during connection termination.

The technical root cause of this vulnerability stems from improper input validation within the TCP connection handling logic. When the tcp_disconnect function processes a disconnect request, it encounters a condition where a division operation attempts to divide by zero, typically occurring during window selection calculations in the TCP protocol implementation. This divide-by-zero error represents a CWE-369 vulnerability category, specifically categorized as a divide by zero error in the context of kernel space operations. The error occurs because the kernel fails to properly validate the window size parameters before performing arithmetic operations, allowing an attacker to craft specific input conditions that force the kernel into an undefined state.

The operational impact of this vulnerability extends beyond simple system crashes, as it provides a local attacker with the capability to perform persistent denial of service attacks against the target system. Since the vulnerability exists within kernel space, successful exploitation can lead to complete system instability and potential system crashes that may require manual rebooting to restore normal operation. The attack vector requires local system access, making it particularly concerning for environments where untrusted users or processes have access to system resources, as it can be leveraged to disrupt critical services or applications that depend on stable network connectivity. This vulnerability aligns with ATT&CK technique T1499.004, which involves network denial of service attacks, though in this case the attack is executed locally rather than remotely.

Systems running Linux kernel versions prior to 4.12 remain at significant risk from this vulnerability, as the fix implemented in kernel version 4.12 properly validates window size parameters and prevents the division by zero condition from occurring during TCP disconnect operations. Organizations should prioritize immediate patching of affected systems to prevent exploitation, particularly in environments where local access is possible or where the system may be exposed to untrusted users. The vulnerability demonstrates the critical importance of proper input validation in kernel space operations and highlights the need for comprehensive testing of edge cases in network protocol implementations. Security administrators should monitor for systems running vulnerable kernel versions and implement proper access controls to limit local user privileges where possible, as the local privilege requirement reduces the attack surface but does not eliminate the risk entirely.

Reservation

09/01/2017

Disclosure

09/01/2017

Moderation

accepted

CPE

ready

EPSS

0.00445

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!