CVE-2017-5970

Опубликовано: 04 фев. 2017

Источник: redhat

CVSS3: 7.5

Описание

The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.

A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2017:2077	01.08.2017
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2017:1842	01.08.2017
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2017:2669	06.09.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1421638kernel: ipv4: Invalid IP options could cause skb->dst drop

7.5 High

CVSS3

Связанные уязвимости

CVE-2017-5970

CVSS3: 7.5

ubuntu

больше 8 лет назад

CVE-2017-5970

CVSS3: 7.5

nvd

больше 8 лет назад

CVE-2017-5970

CVSS3: 7.5

debian

больше 8 лет назад

The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Lin ...

SUSE-SU-2017:0786-1

suse-cvrf

больше 8 лет назад

Security update for Linux Kernel Live Patch 12 for SLE 12 SP1

SUSE-SU-2017:0781-1

suse-cvrf

больше 8 лет назад

Security update for Linux Kernel Live Patch 3 for SLE 12 SP2

7.5 High

CVSS3