Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2017-7979

Published: 19/04/2017 Updated: 26/04/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x up to and including 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 4.11

Vendor Advisories

Ubuntu Security Notice: linux, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2017-7979
The cookie feature in the packet action API implementation in net/sched/act_apic in the Linux kernel 411x through 411-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter ad ...

References

CWE-20https://bugzilla.proxmox.com/show_bug.cgi?id=1351https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1682368http://marc.info/?l=linux-netdev&m=149251041420195http://marc.info/?l=linux-netdev&m=149251041420194http://marc.info/?l=linux-netdev&m=149200746116366http://marc.info/?l=linux-netdev&m=149200746116365http://marc.info/?l=linux-netdev&m=149200742616349http://www.securityfocus.com/bid/97969https://nvd.nist.govhttps://usn.ubuntu.com/3314-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook