PT-2017-18799 · Linux+5 · Linux Kernel+5

Andrey Konovalov

+1

·

Publicado

2017-05-26

·

Atualizado

2018-07-09

·

CVE-2017-9242

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.11.3
Description The issue is related to the ip6 append data function in the Linux kernel, which is too late in checking whether an overwrite of an skb data structure may occur. This allows local users to cause a denial of service (system crash) via crafted system calls.
Recommendations For Linux kernel versions prior to 4.11.3, update to version 4.11.3 or later to resolve the issue.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-1854
ALT-PU-2018-1991
CESA-2017_1842
CVE-2017-9242
DLA-993-1
DSA-3886-1
MGASA-2017-0186
MGASA-2017-0187
MGASA-2017-0188
OPENSUSE-SU-2017_1633-1
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017_1842
RHSA-2017_2077
SUSE-SU-2017:1853-1
SUSE-SU-2017:1990-1
SUSE-SU-2017:2043-1
SUSE-SU-2017:2046-1
SUSE-SU-2017:2049-1
SUSE-SU-2017:2060-1
SUSE-SU-2017:2061-1
SUSE-SU-2017:2062-1
SUSE-SU-2017:2063-1
SUSE-SU-2017:2064-1
SUSE-SU-2017:2065-1
SUSE-SU-2017:2066-1
SUSE-SU-2017:2067-1
SUSE-SU-2017:2068-1
SUSE-SU-2017:2070-1
SUSE-SU-2017:2072-1
SUSE-SU-2017:2073-1
SUSE-SU-2017:2088-1
SUSE-SU-2017:2089-1
SUSE-SU-2017:2090-1
SUSE-SU-2017:2091-1
SUSE-SU-2017:2092-1
SUSE-SU-2017:2093-1
SUSE-SU-2017:2094-1
SUSE-SU-2017:2095-1
SUSE-SU-2017:2096-1
SUSE-SU-2017:2098-1
SUSE-SU-2017:2099-1
SUSE-SU-2017:2100-1
SUSE-SU-2017:2102-1
SUSE-SU-2017:2103-1
SUSE-SU-2017:2342-1
SUSE-SU-2017:2389-1
SUSE-SU-2017:2446-1
SUSE-SU-2017:2447-1
SUSE-SU-2017:2448-1
SUSE-SU-2017:2475-1
SUSE-SU-2017:2476-1
SUSE-SU-2017:2497-1
SUSE-SU-2017:2525-1
SUSE-SU-2017:2775-1
SUSE-SU-2017:2791-1
SUSE-SU-2017:2908-1
SUSE-SU-2017:2920-1
USN-3342-1
USN-3342-2
USN-3343-1
USN-3343-2
USN-3344-1
USN-3344-2
USN-3345-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu