Vulnerability Details : CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2017-9242
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9242
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9242
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2017-9242
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9242
- https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
  ipv6: fix out of bound writes in __ip6_append_data() · torvalds/linux@232cd35 · GitHub (Issue Tracking; Patch; Third Party Advisory)
- http://www.securityfocus.com/bid/98731
  Linux kernel CVE-2017-9242 Local Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a
  kernel/git/torvalds/linux.git - Linux kernel source tree (Issue Tracking; Patch; Third Party Advisory)
- https://patchwork.ozlabs.org/patch/764880/
  [net] ipv6: fix out of bound writes in __ip6_append_data() - Patchwork (Broken Link)
- http://www.debian.org/security/2017/dsa-3886
  Debian -- Security Information -- DSA-3886-1 linux
- https://access.redhat.com/errata/RHSA-2017:1842
  RHSA-2017:1842 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:2077
  RHSA-2017:2077 - Security Advisory - Red Hat Customer Portal