Published: 08/03/2018 Updated: 24/05/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 410

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

In the Linux kernel prior to 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the Linux kernel ...

Several security issues were addressed in the Linux kernel ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read mem ...

In the Linux kernel, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data This allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impacts ...

CWE-119 https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c http://www.securityfocus.com/bid/103349 https://www.debian.org/security/2018/dsa-4188 https://usn.ubuntu.com/3654-2/https://usn.ubuntu.com/3654-1/https://usn.ubuntu.com/3656-1/https://nvd.nist.gov https://usn.ubuntu.com/3656-1/

CVE-2017-18222

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect