PT-2017-3603 · Linux+1 · Linux Kernel+1

Jun He

Published

2017-07-06

Updated

2023-02-07

CVE-2017-18218

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13

Description: The issue is related to the hns enet.c component in the Linux kernel, specifically with the use of memory after it has been freed. This can be exploited by local users to cause a denial of service or possibly have other unspecified impacts. The exploitation is tied to differences in skb handling between hns nic net xmit hw and hns nic net xmit.

Recommendations: For Linux kernel versions prior to 4.13, update to version 4.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the hns enet.c component to minimize the risk of exploitation.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2017-2206

ALT-PU-2018-1527

BDU:2018-00569

CVE-2017-18218

DSA-4188-1

Affected Products

Alt Linux

Linux Kernel

PT-2017-3603 · Linux+1 · Linux Kernel+1

CVE-2017-18218

Weakness Enumeration

Related Identifiers

Affected Products

References · 15