CVE-2017-14051

Опубликовано: 30 авг. 2017

Источник: redhat

CVSS3: 5.5

Описание

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

An integer overflow was discovered in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10. This flaw allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. This flaw is not planned to be addressed in future releases of the products listed as the flaw is not exploitable by a non-privileged user.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-alt	Affected
Red Hat Enterprise Linux 7	kernel-rt	Will not fix
Red Hat Enterprise MRG 2	realtime-kernel	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1487126kernel: Integer overflow in the qla2x00_sysfs_write_optrom_ctl function

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-14051

CVSS3: 4.4

ubuntu

почти 8 лет назад

CVE-2017-14051

CVSS3: 4.4

nvd

почти 8 лет назад

CVE-2017-14051

CVSS3: 4.4

debian

почти 8 лет назад

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in ...

GHSA-8ghc-95q8-w6ph

CVSS3: 4.4

github

около 3 лет назад

openSUSE-SU-2017:2384-1

suse-cvrf

почти 8 лет назад

Security update for the Linux Kernel

5.5 Medium

CVSS3