5.5

CVE-2017-15116

The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.2
RedhatEnterprise Linux Version7.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.293
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://access.redhat.com/errata/RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:1062
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1485815
Issue Tracking
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=1514609
Issue Tracking
https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6
Patch
Vendor Advisory