CVE-2017-10663

Published: 19/08/2017 Updated: 17/01/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel prior to 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the Linux kernel ...

The sanity_check_ckpt function in fs/f2fs/superc in the Linux kernel before version 4124 does not validate the blkoff and segno arrays This allows an unprivileged, local user to cause a system panic and DoS Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely ...

Anchore Engine How To Guide Purpose: I started in the early days of docker Back then saying we are using docker now was enough to get you past the securtiy team But today not so much Security teams have caught up and now so have the tools Mature pipelines now include some sort of security scan Looking around for a free scanner with an enterprise upgrade option is few a

CWE-129 https://source.android.com/security/bulletin/2017-08-01 https://github.com/torvalds/linux/commit/15d3042a937c13f5d9244241c7a9c8416ff6e82a https://bugzilla.redhat.com/show_bug.cgi?id=1481149 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a http://www.securityfocus.com/bid/100215 https://nvd.nist.gov https://github.com/roachmd/anchorenginehowto https://usn.ubuntu.com/3468-1/

CVE-2017-10663

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect