Vulnerability Details : CVE-2017-5986
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
Vulnerability category: Denial of service
Products affected by CVE-2017-5986
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5986
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5986
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-5986
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
-
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5986
-
https://access.redhat.com/errata/RHSA-2017:1308
RHSA-2017:1308 - Security Advisory - Red Hat Customer Portal
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/96222
Linux Kernel 'net/sctp/socket.c' Local Denial of Service Vulnerability
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11
Release Notes;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2017/02/14/6
oss-security - Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()Mailing List;Patch;Third Party Advisory
-
http://www.debian.org/security/2017/dsa-3804
Debian -- Security Information -- DSA-3804-1 linux
-
https://bugzilla.redhat.com/show_bug.cgi?id=1420276
1420276 – (CVE-2017-5986) CVE-2017-5986 kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbufIssue Tracking;Patch
-
https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90
sctp: avoid BUG_ON on sctp_wait_for_sndbuf · torvalds/linux@2dcab59 · GitHubIssue Tracking;Patch;Third Party Advisory
Jump to