Vulnerability Details : CVE-2017-17863
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
Vulnerability category: Overflow; Denial of service
Products affected by CVE-2017-17863
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-17863
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~6% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2017-17863
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-17863
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2017-17863
- http://www.securityfocus.com/bid/102321 : Linux Kernel CVE-2017-17863 Local Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-reject-out-of-bounds-stack-pointer-calculation.patch?h=stretch-security : 404 Not Found (Patch)
- https://usn.ubuntu.com/3523-3/ : USN-3523-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices
- http://www.securitytracker.com/id/1040058 : Linux Kernel Extended BPF Verifier Stack Pointer Calculation Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- https://www.spinics.net/lists/stable/msg206985.html : [PATCH stable/4.9 3/4] bpf: reject out-of-bounds stack pointer calculation — Linux Stable Kernel Updates (Issue Tracking; Patch)
- https://usn.ubuntu.com/usn/usn-3523-2/ : USN-3523-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices
- https://www.debian.org/security/2017/dsa-4073 : Debian -- Security Information -- DSA-4073-1 linux (Third Party Advisory)