7.8

CVE-2017-9075

The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.2.89
LinuxLinux Kernel Version >= 3.3 < 3.16.44
LinuxLinux Kernel Version >= 3.17 < 3.18.56
LinuxLinux Kernel Version >= 3.19 < 4.1.42
LinuxLinux Kernel Version >= 4.2 < 4.4.71
LinuxLinux Kernel Version >= 4.5 < 4.9.31
LinuxLinux Kernel Version >= 4.10 < 4.11.4
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.282
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://access.redhat.com/errata/RHSA-2017:1842
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2077
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1854
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2669
Third Party Advisory
https://source.android.com/security/bulletin/2017-10-01
Third Party Advisory
http://www.debian.org/security/2017/dsa-3886
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98597
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
Patch
Vendor Advisory
https://patchwork.ozlabs.org/patch/763569/
Patch
Third Party Advisory