PT-2017-2720 · Linux+3 · Linux Kernel+3

Published

2017-08-02

Updated

2023-01-19

CVE-2017-12762

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.18-stable through 4.12-stable

Description The issue is caused by a buffer overflow in the Linux kernel due to a user-controlled buffer being copied into a local buffer of constant size using the strcpy function without a length check. This can allow a remote attacker to cause buffer overflows, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel versions 3.18-stable through 4.12-stable, consider applying a patch that adds length checks to the strcpy function to prevent buffer overflows. As a temporary workaround, consider restricting access to the /drivers/isdn/i4l/isdn net.c driver to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2017-2044

ALT-PU-2017-2046

BDU:2017-01958

CVE-2017-12762

SUSE-SU-2017:2525-1

SUSE-SU-2017:2694-1

SUSE-SU-2017:2798-1

SUSE-SU-2017:2799-1

SUSE-SU-2017:2800-1

SUSE-SU-2017:2801-1

SUSE-SU-2017:2802-1

SUSE-SU-2017:2803-1

SUSE-SU-2017:2804-1

SUSE-SU-2017:2805-1

SUSE-SU-2017:2806-1

SUSE-SU-2017:2807-1

SUSE-SU-2017:2809-1

SUSE-SU-2017:2811-1

SUSE-SU-2017:2813-1

SUSE-SU-2017:2816-1

SUSE-SU-2017:2908-1

SUSE-SU-2017:2920-1

SUSE-SU-2017:3265-1

USN-3420-1

USN-3420-2

USN-3620-1

USN-3620-2

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2017-2720 · Linux+3 · Linux Kernel+3

CVE-2017-12762

Weakness Enumeration

Related Identifiers

Affected Products

References · 355