Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7
CVSSv3

CVE-2017-7477

Published: 25/04/2017 Updated: 21/06/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel up to and including 4.10.12 allows malicious users to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Ubuntu Security Notice: linux, linux-raspi2 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux, linux-raspi2 vulnerability
The system could be made to crash or run programs as an administrator ...
Ubuntu Security Notice: linux-hwe vulnerability
The system could be made to crash or run programs as an administrator ...
Red Hat: CVE-2017-7477
A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff) The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together A remote user or process could use this flaw to potentia ...

References

CWE-119https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8feehttps://bugzilla.redhat.com/show_bug.cgi?id=1445207https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5bhttp://www.securityfocus.com/bid/98014http://www.securitytracker.com/id/1038500https://access.redhat.com/errata/RHSA-2017:1616https://access.redhat.com/errata/RHSA-2017:1615https://access.redhat.com/errata/RHSA-2017:1615https://nvd.nist.govhttps://usn.ubuntu.com/3293-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661open redirectCVE-2024-25512CVE-2024-33788command injectionSSTICVE-2024-0043CVE-2024-29210CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook