Description: Missing range checks in xfrm_user allow heap buffer overflow and privilege escalation References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7184 Notes: bwh> xfrm_user is only accessible with CAP_NET_ADMIN capability (in any bwh> user namespace). So this is not exploitable by unprivileged users bwh> in a default Debian configuration. Bugs: upstream: released (4.11-rc5) [677e806da4d916052585301785d847c3b3e6186a, f843ee6dd019bcece3e74e76ad9df0155655d0df] 4.9-upstream-stable: released (4.9.20) [64a5465799ee40e3d54d9da3037934cd4b7b502f, 79191ea36dc9be10a9c9b03d6b341ed2d2f76045] 3.16-upstream-stable: released (3.16.44) [811f5600db1a0a9c4f1abad5017e09f43d7088f3, fda265baa45b630675359db3699bb68350c4b907] 3.2-upstream-stable: released (3.2.89) [04dba730e9d4798184b4769f74ef14c20f8c6f9a, 4d09fd3505c59374e599a29918ca40059be3d554] sid: released (4.9.18-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch] 3.16-jessie-security: released (3.16.43-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch] 3.2-wheezy-security: released (3.2.88-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]