PT-2017-17629 · Linux+2 · Linux Kernel+2
Jonghwan Kim
·
Published
2017-03-28
·
Updated
2018-07-09
·
CVE-2017-7277
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.10.6
Description
The issue concerns the TCP stack in the Linux kernel, which improperly handles the SCM_TIMESTAMPING_OPT_STATS feature. This mishandling allows local users to either obtain sensitive information from the kernel's internal socket data structures or cause a denial of service through an out-of-bounds read. The issue is related to the net/core/skbuff.c and net/socket.c files.
Recommendations
For Linux kernel versions prior to 4.10.6, update to version 4.10.6 or later to resolve the issue.
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Ubuntu