Vulnerability Details : CVE-2017-15128
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-15128
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15128
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-15128
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-15128
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2017-15128
-
https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df
userfaultfd: hugetlbfs: prevent UFFDIO_COPY to fill beyond the end of… · torvalds/linux@1e39214 · GitHubPatch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1525222
1525222 – (CVE-2017-15128) CVE-2017-15128 kernel: Out of bound access in hugetlb_mcopy_atomic_pte function in mm/hugetlb.cIssue Tracking;Patch;Third Party Advisory
-
https://access.redhat.com/security/cve/CVE-2017-15128
CVE-2017-15128 - Red Hat Customer PortalThird Party Advisory
-
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
Issue Tracking;Release Notes;Vendor Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
Jump to