5.5

CVE-2017-17862

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.14.8
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.347
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://www.debian.org/security/2017/dsa-4073
Third Party Advisory
https://usn.ubuntu.com/usn/usn-3523-2/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467
Vendor Advisory
http://www.securityfocus.com/bid/102325
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040057
Third Party Advisory
VDB Entry
https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security
Third Party Advisory
https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467
Third Party Advisory
https://www.spinics.net/lists/stable/msg206984.html
Patch
Third Party Advisory