Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In August 2017 CVSS score >= 8
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
Max CVSS
10.0
EPSS Score
1.43%
Published
2017-08-29
Updated
2023-01-17
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
Max CVSS
10.0
EPSS Score
0.94%
Published
2017-08-09
Updated
2023-01-19
2 vulnerabilities found