7.1

CVE-2017-5986

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.9.11
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.16% 0.631
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://access.redhat.com/errata/RHSA-2017:1308
http://www.debian.org/security/2017/dsa-3804
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90
Patch
Third Party Advisory
Issue Tracking
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11
Vendor Advisory
Release Notes
http://www.openwall.com/lists/oss-security/2017/02/14/6
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96222
https://bugzilla.redhat.com/show_bug.cgi?id=1420276
Patch
Issue Tracking
https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90
Patch
Third Party Advisory
Issue Tracking