exploitDog

CVE-2017-10663

Опубликовано: 19 авг. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

Ссылки

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a
Mailing List
Patch
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/100215
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1481149
Issue Tracking
Patch
https://github.com/torvalds/linux/commit/15d3042a937c13f5d9244241c7a9c8416ff6e82a
Patch
Third Party Advisory
https://source.android.com/security/bulletin/2017-08-01
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a
Mailing List
Patch
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/100215
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1481149
Issue Tracking
Patch
https://github.com/torvalds/linux/commit/15d3042a937c13f5d9244241c7a9c8416ff6e82a
Patch
Third Party Advisory
https://source.android.com/security/bulletin/2017-08-01
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.8 (включая) до 3.18.64 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.19 (включая) до 4.1.44 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.2 (включая) до 4.4.81 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.42 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.12.4 (исключая)

EPSS

Процентиль: 14%

0.00046

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-129

Связанные уязвимости

CVE-2017-10663

CVSS3: 7.8

ubuntu

больше 8 лет назад

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

CVE-2017-10663

CVSS3: 4.7

redhat

больше 8 лет назад

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

CVE-2017-10663

CVSS3: 7.8

debian

больше 8 лет назад

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel ...

GHSA-596f-c2w8-w394

CVSS3: 7.8

github

больше 3 лет назад

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

BDU:2017-02025

CVSS3: 7.8

fstec

больше 8 лет назад

Уязвимость функции sanity_check_ckpt операционной системы Linux, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 14%

0.00046

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-129