CVE-2017-13715

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.3

Description The issue is related to the skb flow dissect function in net/core/flow dissector.c, which does not properly initialize n proto, ip proto, and thoff. This allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. The vulnerability is due to insufficient input validation, where the key control protocol returns true without setting values for n proto, ip proto, and thoff.

Recommendations For Linux kernel versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting the handling of MPLS packets to minimize the risk of exploitation.