Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-fcgc-hv63-hjmw

Опубликовано: 17 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 7.8

Описание

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.

Ссылки

EPSS

Процентиль: 25%
0.0008
Низкий

7.8 High

CVSS3

CVE ID

CVE-2017-6347

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2017-6347

CVSS3: 7.8
ubuntu
больше 8 лет назад

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.

redhat логотип

CVE-2017-6347

CVSS3: 5.6
redhat
больше 8 лет назад

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.

nvd логотип

CVE-2017-6347

CVSS3: 7.8
nvd
больше 8 лет назад

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.

debian логотип

CVE-2017-6347

CVSS3: 7.8
debian
больше 8 лет назад

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Li ...

fstec логотип

BDU:2018-00379

CVSS3: 7.8
fstec
больше 8 лет назад

Уязвимость функции ip_cmsg_recv_checksum (net/ipv4/ip_sockglue.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%
0.0008
Низкий

7.8 High

CVSS3

CVE ID

CVE-2017-6347

Дефекты

CWE-125