CVE-2017-5986

EPSS 0.57%
Published 18.02.2017 21:59:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.

Affected products Warnungen 0 Metrics 3 CWE 2 References 11

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 4.9.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.661

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://access.redhat.com/errata/RHSA-2017:1308

http://www.debian.org/security/2017/dsa-3804

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90

Patch

Third Party Advisory

Issue Tracking

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11

Vendor Advisory

Release Notes

http://www.openwall.com/lists/oss-security/2017/02/14/6

Patch

Third Party Advisory