Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2017-9077

Published: 19/05/2017 Updated: 24/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel up to and including 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Debian Security Advisories: DSA-3886-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured CVE ...
Amazon Linux AMI: ALAS-2017-846
Module reference leak due to improper shut down of callback channel on umount:The NFSv4 implementation in the Linux kernel through 4111 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak (CVE-2 ...
Ubuntu Security Notice: linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-lts-xenial vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-hwe vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 An unprivileged local user could use this flaw to induce kernel memory corruption on the syst ...

Recent Articles

KRACK whacked, media playback holes packed, other bugs go splat in Android patch pact
The Register • Shaun Nichols in San Francisco • 07 Nov 2017

Update your firmware ASAP to avoid being hacked Google's answer to the Pixel 2 XL CRT-style screen burn in: Lower the brightness

Google has released its November security update for Android, addressing a bag of security holes. You should install them as soon as they are available for your phone, tablet and other gadgets. Depending on your mobile carrier and device manufacturer, they may arrive immediately, soon, late or never. Among the holes covered by the release is the KRACK Wi-Fi key reinstallation flaw that made headlines last month after researchers described how the flaw could potentially allow eavesdropping on nea...

Read more...

References

NVD-CWE-noinfohttps://patchwork.ozlabs.org/patch/760370/https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52http://www.securityfocus.com/bid/98583http://www.debian.org/security/2017/dsa-3886https://source.android.com/security/bulletin/2017-11-01https://access.redhat.com/errata/RHSA-2017:2669https://access.redhat.com/errata/RHSA-2017:2077https://access.redhat.com/errata/RHSA-2017:1842https://access.redhat.com/errata/RHSA-2018:1854https://access.redhat.com/errata/RHSA-2018:1854https://nvd.nist.govhttps://usn.ubuntu.com/3344-1/https://www.debian.org/security/./dsa-3886
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook