Vulnerability Details: CVE-2017-17862
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
Vulnerability category: Input validation; Denial of service
Products affected by CVE-2017-17862
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-17862
EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~6% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2017-17862
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST |
CWE ids for CVE-2017-17862
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2017-17862
- https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467 (Third Party Advisory): bpf: fix branch pruning logic · torvalds/linux@c131187 · GitHub
- http://www.securitytracker.com/id/1040057 (Third Party Advisory; VDB Entry): Linux Kernel Extended BPF Verifier Branch Pruning Logic Error May Let Local Users Cause Denial of Service Conditions - SecurityTracker
- https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security (Third Party Advisory): 404 Not Found
- http://www.securityfocus.com/bid/102325 (Third Party Advisory; VDB Entry): Linux Kernel CVE-2017-17862 Local Denial of Service Vulnerability
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467 (Vendor Advisory): kernel/git/torvalds/linux.git - Linux kernel source tree
- https://usn.ubuntu.com/3619-1/: USN-3619-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://usn.ubuntu.com/3619-2/: USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
- https://www.spinics.net/lists/stable/msg206984.html (Patch; Third Party Advisory): [PATCH stable/4.9 2/4] bpf: fix branch pruning logic - Linux Stable Kernel Updates
- https://usn.ubuntu.com/usn/usn-3523-2/: USN-3523-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices
- https://www.debian.org/security/2017/dsa-4073 (Third Party Advisory): Debian -- Security Information -- DSA-4073-1 linux