CVE-2017-5123

EPSS 1.98%
Published 02.11.2021 22:15:08
Last modified 21.11.2024 03:27:06
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.13 < 4.13.7

Netapp ≫ Cloud Backup Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.98%	0.829

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://crbug.com/772848

Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96ca579a1ecc943b75beba58bebb0356f6cc4b51

Patch

Vendor Advisory

https://security.netapp.com/advisory/ntap-20211223-0003/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-5123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5123

EUVD