Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-7979

Опубликовано: 19 апр. 2017
Источник: nvd
CVSS3: 7.8
CVSS2: 7.2
EPSS Низкий

Описание

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:4.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc7:*:*:*:*:*:*

EPSS

Процентиль: 13%
0.00044
Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2017-7979

CVSS3: 7.8
ubuntu
почти 9 лет назад

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.

redhat логотип

CVE-2017-7979

CVSS3: 5.5
redhat
почти 9 лет назад

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.

debian логотип

CVE-2017-7979

CVSS3: 7.8
debian
почти 9 лет назад

The cookie feature in the packet action API implementation in net/sche ...

github логотип

GHSA-94wh-pgqj-7f7r

CVSS3: 7.8
github
больше 3 лет назад

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.

fstec логотип

BDU:2017-01092

CVSS3: 7.8
fstec
почти 9 лет назад

Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

EPSS

Процентиль: 13%
0.00044
Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-20