Published: 23/02/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel prior to 4.9.11 allows remote malicious users to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts CVE-2016-9588 Jim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine A local attacker ...

A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their p ...

Several security issues were fixed in the Linux kernel ...

Several security issues were fixed in the kernel ...

A flaw was found in the Linux kernel's handling of packets with the URG flag Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely ...

CWE-835 https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82 http://www.securityfocus.com/bid/96421 http://www.securitytracker.com/id/1037897 https://source.android.com/security/bulletin/2017-09-01 http://www.debian.org/security/2017/dsa-3804 https://access.redhat.com/errata/RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1372 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2017:1615 https://usn.ubuntu.com/3422-2/https://www.debian.org/security/./dsa-3804

Get Started

CVE-2017-6214

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect