7.8

CVE-2017-7979

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version4.11 Updaterc1
LinuxLinux Kernel Version4.11 Updaterc2
LinuxLinux Kernel Version4.11 Updaterc3
LinuxLinux Kernel Version4.11 Updaterc4
LinuxLinux Kernel Version4.11 Updaterc5
LinuxLinux Kernel Version4.11 Updaterc6
LinuxLinux Kernel Version4.11 Updaterc7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.103
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://marc.info/?l=linux-netdev&m=149200742616349
Patch
Third Party Advisory
Mailing List
http://marc.info/?l=linux-netdev&m=149200746116365
Patch
Third Party Advisory
Mailing List
http://marc.info/?l=linux-netdev&m=149200746116366
Patch
Third Party Advisory
Mailing List
http://marc.info/?l=linux-netdev&m=149251041420194
Patch
Third Party Advisory
Mailing List
http://marc.info/?l=linux-netdev&m=149251041420195
Patch
Third Party Advisory
Mailing List