PT-2017-17629 · Linux+2 · Linux Kernel+2
Jonghwan Kim · Published 2017-03-28 · Updated 2018-07-09 · CVE-2017-7277
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.10.6
Description
The issue concerns the TCP stack in the Linux kernel, which improperly handles the SCM_TIMESTAMPING_OPT_STATS feature. This mishandling allows local users to either obtain sensitive information from the kernel's internal socket data structures or cause a denial of service through an out-of-bounds read. The issue is related to the net/core/skbuff.c and net/socket.c files.
Recommendations
For Linux kernel versions prior to 4.10.6, update to version 4.10.6 or later to resolve the issue.
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Ubuntu