7.8

CVE-2017-18509

Exploit

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.16.72
LinuxLinux Kernel Version >= 3.17 < 4.4.187
LinuxLinux Kernel Version >= 4.5 < 4.9.187
LinuxLinux Kernel Version >= 4.10 < 4.11
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.14% 0.346
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://usn.ubuntu.com/4145-1/
Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/26
Third Party Advisory
Mailing List
https://lists.openwall.net/netdev/2017/12/04/40
Third Party Advisory
Mailing List