CVE-2017-6214 : The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11

The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.

Published 2017-02-23 17:59:00

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2017-6214

Linux » Linux Kernel
Versions up to, including, (<=) 4.9.10
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-6214

EPSS FAQ

6.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-6214

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-6214

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-6214

https://source.android.com/security/bulletin/2017-09-01

Android Security Bulletin—September 2017 | Android Open Source Project

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1647

RHSA-2017:1647 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1615

RHSA-2017:1615 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securitytracker.com/id/1037897

Linux Kernel tcp_splice_read() Infinite Loop Lets Remote Consume Excessive CPU Resources on the Target System - SecurityTracker
https://access.redhat.com/errata/RHSA-2017:1372

RHSA-2017:1372 - Security Advisory - Red Hat Customer Portal
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11

Release Notes;Vendor Advisory

CVEs referencing this url
https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82

tcp: avoid infinite loop in tcp_splice_read() · torvalds/linux@ccf7abb · GitHub
Issue Tracking;Patch;Third Party Advisory
http://www.debian.org/security/2017/dsa-3804

Debian -- Security Information -- DSA-3804-1 linux

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82

kernel/git/torvalds/linux.git - Linux kernel source tree
Issue Tracking;Patch;Third Party Advisory
http://www.securityfocus.com/bid/96421

Linux Kernel CVE-2017-6214 Remote Denial of Service Vulnerability
https://access.redhat.com/errata/RHSA-2017:1616

RHSA-2017:1616 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-6214

Products affected by CVE-2017-6214

Exploit prediction scoring system (EPSS) score for CVE-2017-6214

CVSS scores for CVE-2017-6214

CWE ids for CVE-2017-6214

References for CVE-2017-6214