7.8

CVE-2017-7618

crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.15 < 3.16.44
LinuxLinux Kernel Version >= 3.17 < 3.18.50
LinuxLinux Kernel Version >= 3.19 < 4.1.40
LinuxLinux Kernel Version >= 4.2 < 4.4.63
LinuxLinux Kernel Version >= 4.5 < 4.9.24
LinuxLinux Kernel Version >= 4.10 < 4.10.12
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.26% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
Third Party Advisory
http://www.securityfocus.com/bid/97534
Third Party Advisory
VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
Third Party Advisory