7.8

CVE-2017-15951

The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4 < 4.4.95
LinuxLinux Kernel Version >= 4.5 < 4.9.59
LinuxLinux Kernel Version >= 4.10 < 4.13.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.33
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76
Patch
Third Party Advisory
Issue Tracking
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10
Vendor Advisory
Release Notes
http://www.securityfocus.com/bid/101621
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76
Patch
Third Party Advisory
Issue Tracking