[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-1000112":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":81,"duplicate_of":9,"upstream":82,"downstream":83,"duplicates":222,"related":223,"reserved_at":9,"published_at":279,"modified_at":280,"state":281,"summary":282,"references_raw":289,"kevs":356,"epss":357,"epss_history":360,"metrics":578,"affected":589},"CVE-2017-1000112","Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 (\"[IPv4/IPv6]: UFO Scatter-gather approach\") on Oct 18 2005.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","weakness","Draft","Class","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-26","Leveraging Race Conditions",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[29,43,51,62],{"_key":30,"name":31,"source":32,"url":33,"maturity":34,"reliability_score":35,"verified":36,"type":37,"platforms":38,"requires_auth":9,"exploitdb":40,"metasploit":9},"45147","Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit)","exploit-database","https://www.exploit-db.com/exploits/45147","weaponized",0.8,true,"local",[39],"linux",{"verified":36,"type":37,"platform":39,"file":41,"codes":42},"exploits/linux/local/45147.rb",[7],{"_key":44,"name":45,"source":32,"url":46,"maturity":34,"reliability_score":35,"verified":36,"type":37,"platforms":47,"requires_auth":9,"exploitdb":48,"metasploit":9},"43418","Linux Kernel \u003C 4.4.0-83 / \u003C 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)","https://www.exploit-db.com/exploits/43418",[39],{"verified":36,"type":37,"platform":39,"file":49,"codes":50},"exploits/linux/local/43418.c",[7],{"_key":52,"name":53,"source":32,"url":54,"maturity":55,"reliability_score":56,"verified":57,"type":37,"platforms":58,"requires_auth":9,"exploitdb":59,"metasploit":9},"47169","Linux Kernel \u003C 4.4.0/ \u003C 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)","https://www.exploit-db.com/exploits/47169","poc",0.5,false,[39],{"verified":57,"type":37,"platform":39,"file":60,"codes":61},"exploits/linux/local/47169.c",[7],{"_key":63,"name":64,"source":65,"url":66,"maturity":34,"reliability_score":67,"verified":36,"type":68,"platforms":69,"requires_auth":57,"exploitdb":9,"metasploit":70},"MSF_EXPLOIT_LINUX_LOCAL_UFO_PRIVILEGE_ESCALATION","Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/linux/local/ufo_privilege_escalation.rb",0.6666666666666666,"remote",[],{"fullname":71,"rank":72,"rank_name":73,"post_auth":57,"check":36,"notes":74},"exploit/linux/local/ufo_privilege_escalation",400,"good",{"Stability":75,"SideEffects":77,"Reliability":79},[76],"crash-os-down",[78],"unknown-side-effects",[80],"repeatable-session",[],[],[84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220],{"_key":85},"SUSE-SU-2017:2150-1",{"_key":87},"SUSE-SU-2017:2423-1",{"_key":89},"SUSE-SU-2017:2447-1",{"_key":91},"SUSE-SU-2017:2508-1",{"_key":93},"SUSE-SU-2017:2131-1",{"_key":95},"SUSE-SU-2017:2142-1",{"_key":97},"SUSE-SU-2017:2286-1",{"_key":99},"SUSE-SU-2017:2424-1",{"_key":101},"SUSE-SU-2017:2436-1",{"_key":103},"SUSE-SU-2017:2437-1",{"_key":105},"SUSE-SU-2017:2438-1",{"_key":107},"SUSE-SU-2017:2438-2",{"_key":109},"SUSE-SU-2017:2439-1",{"_key":111},"SUSE-SU-2017:2440-1",{"_key":113},"SUSE-SU-2017:2441-1",{"_key":115},"SUSE-SU-2017:2442-1",{"_key":117},"SUSE-SU-2017:2443-1",{"_key":119},"SUSE-SU-2017:2446-1",{"_key":121},"SUSE-SU-2017:2448-1",{"_key":123},"SUSE-SU-2017:2454-1",{"_key":125},"SUSE-SU-2017:2455-1",{"_key":127},"SUSE-SU-2017:2456-1",{"_key":129},"SUSE-SU-2017:2457-1",{"_key":131},"SUSE-SU-2017:2458-1",{"_key":133},"SUSE-SU-2017:2464-1",{"_key":135},"SUSE-SU-2017:2465-1",{"_key":137},"SUSE-SU-2017:2467-1",{"_key":139},"SUSE-SU-2017:2469-1",{"_key":141},"SUSE-SU-2017:2471-1",{"_key":143},"SUSE-SU-2017:2472-1",{"_key":145},"SUSE-SU-2017:2473-1",{"_key":147},"SUSE-SU-2017:2474-1",{"_key":149},"SUSE-SU-2017:2475-1",{"_key":151},"SUSE-SU-2017:2476-1",{"_key":153},"SUSE-SU-2017:2497-1",{"_key":155},"SUSE-SU-2017:2498-1",{"_key":157},"SUSE-SU-2017:2499-1",{"_key":159},"SUSE-SU-2017:2500-1",{"_key":161},"SUSE-SU-2017:2506-1",{"_key":163},"SUSE-SU-2017:2509-1",{"_key":165},"SUSE-SU-2017:2510-1",{"_key":167},"SUSE-SU-2017:2511-1",{"_key":169},"SUSE-SU-2017:2525-1",{"_key":171},"SUSE-SU-2017:2694-1",{"_key":173},"SUSE-SU-2017:2775-1",{"_key":175},"SUSE-SU-2017:2791-1",{"_key":177},"SUSE-SU-2017:2813-1",{"_key":179},"SUSE-SU-2017:2956-1",{"_key":181},"SUSE-SU-2017:3265-1",{"_key":183},"USN-3384-2",{"_key":185},"USN-3385-2",{"_key":187},"DSA-3981-1",{"_key":189},"MGASA-2017-0278",{"_key":191},"MGASA-2017-0279",{"_key":193},"MGASA-2017-0287",{"_key":195},"MGASA-2017-0288",{"_key":197},"MGASA-2017-0296",{"_key":199},"MGASA-2017-0309",{"_key":201},"UBUNTU-CVE-2017-1000112",{"_key":203},"USN-3385-1",{"_key":205},"USN-3386-1",{"_key":207},"DEBIAN-CVE-2017-1000112",{"_key":209},"RHSA-2017:2918",{"_key":211},"RHSA-2017:2930",{"_key":213},"RHSA-2017:2931",{"_key":215},"RHSA-2017:3200",{"_key":217},"RHSA-2019:1931",{"_key":219},"RHSA-2019:1932",{"_key":221},"RHSA-2019:4159",[],[224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278],{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":109},{"_key":111},{"_key":113},{"_key":115},{"_key":117},{"_key":119},{"_key":121},{"_key":123},{"_key":125},{"_key":127},{"_key":129},{"_key":131},{"_key":133},{"_key":135},{"_key":137},{"_key":139},{"_key":141},{"_key":143},{"_key":145},{"_key":147},{"_key":149},{"_key":151},{"_key":153},{"_key":155},{"_key":157},{"_key":159},{"_key":161},{"_key":163},{"_key":165},{"_key":167},{"_key":169},{"_key":171},{"_key":173},{"_key":175},{"_key":177},{"_key":179},{"_key":181},{"_key":189},{"_key":191},{"_key":193},{"_key":195},{"_key":197},{"_key":199},"2017-10-04T01:00:00.000Z","2024-08-05T21:53:06.785Z","Modified",{"cisa_kev":57,"cisa_ransomware":57,"cisa_vendor":9,"epss_severity":283,"epss_score":284,"severity":285,"severity_score":4,"severity_version":286,"severity_source":287,"severity_vector":288,"severity_status":281},"critical",0.8286,"high","v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[290,299,305,311,315,319,324,329,334,340,344,348,352],{"url":291,"sources":292,"tags":294},"http://seclists.org/oss-sec/2017/q3/277",[293,287],"cve.org",[295,296,297,298],"Mailing List","X Refsource MLIST","Patch","Third Party Advisory",{"url":300,"sources":301,"tags":302},"https://access.redhat.com/errata/RHSA-2017:3200",[293,287],[303,304,298],"Vendor Advisory","X Refsource REDHAT",{"url":306,"sources":307,"tags":308},"http://www.securityfocus.com/bid/100262",[293,287],[309,310,298],"VDB Entry","X Refsource BID",{"url":312,"sources":313,"tags":314},"https://access.redhat.com/errata/RHSA-2017:2918",[293,287],[303,304,298],{"url":316,"sources":317,"tags":318},"https://access.redhat.com/errata/RHSA-2017:2931",[293,287],[303,304,298],{"url":320,"sources":321,"tags":322},"http://www.debian.org/security/2017/dsa-3981",[293,287],[303,323,298],"X Refsource DEBIAN",{"url":325,"sources":326,"tags":327},"https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-1000112",[293,287],[328,298],"X Refsource MISC",{"url":330,"sources":331,"tags":332},"http://www.securitytracker.com/id/1039162",[293,287],[309,333,298],"X Refsource SECTRACK",{"url":335,"sources":336,"tags":337},"https://www.exploit-db.com/exploits/45147/",[293,287],[338,339,298,309],"Exploit","X Refsource EXPLOIT DB",{"url":341,"sources":342,"tags":343},"https://access.redhat.com/errata/RHSA-2017:2930",[293,287],[303,304,298],{"url":345,"sources":346,"tags":347},"https://access.redhat.com/errata/RHSA-2019:1932",[293,287],[303,304,298],{"url":349,"sources":350,"tags":351},"https://access.redhat.com/errata/RHSA-2019:1931",[293,287],[303,304,298],{"url":353,"sources":354,"tags":355},"https://access.redhat.com/errata/RHSA-2019:4159",[293,287],[303,304,298],[],{"date":358,"score":284,"percentile":359},"2026-06-03",0.99266,[361,365,367,369,371,373,375,377,380,382,384,386,388,390,392,395,397,400,403,405,407,409,411,413,415,417,419,423,426,429,431,434,437,439,442,445,448,451,453,456,458,460,463,466,468,470,472,475,478,480,483,486,490,492,495,498,500,502,504,507,509,511,514,516,519,521,524,526,528,530,532,534,536,539,542,544,546,548,550,552,554,557,559,562,564,566,568,571,573,575],{"date":362,"score":363,"percentile":364},"2025-11-04",0.84285,0.99267,{"date":366,"score":363,"percentile":359},"2025-11-05",{"date":368,"score":363,"percentile":359},"2025-11-06",{"date":370,"score":363,"percentile":364},"2025-11-07",{"date":372,"score":363,"percentile":359},"2025-11-08",{"date":374,"score":363,"percentile":359},"2025-11-09",{"date":376,"score":363,"percentile":359},"2025-11-10",{"date":378,"score":363,"percentile":379},"2025-11-11",0.99265,{"date":381,"score":363,"percentile":379},"2025-11-12",{"date":383,"score":363,"percentile":359},"2025-11-13",{"date":385,"score":363,"percentile":379},"2025-11-14",{"date":387,"score":363,"percentile":359},"2025-11-15",{"date":389,"score":363,"percentile":359},"2025-11-16",{"date":391,"score":363,"percentile":379},"2025-11-17",{"date":393,"score":363,"percentile":394},"2025-11-18",0.99404,{"date":396,"score":363,"percentile":394},"2025-11-19",{"date":398,"score":363,"percentile":399},"2025-11-20",0.99403,{"date":401,"score":363,"percentile":402},"2025-11-21",0.99264,{"date":404,"score":363,"percentile":402},"2025-11-22",{"date":406,"score":363,"percentile":402},"2025-11-23",{"date":408,"score":363,"percentile":402},"2025-11-24",{"date":410,"score":363,"percentile":379},"2025-11-25",{"date":412,"score":363,"percentile":359},"2025-11-26",{"date":414,"score":363,"percentile":364},"2025-11-27",{"date":416,"score":363,"percentile":359},"2025-11-28",{"date":418,"score":363,"percentile":359},"2025-11-29",{"date":420,"score":421,"percentile":422},"2025-11-30",0.85181,0.99308,{"date":424,"score":421,"percentile":425},"2025-12-01",0.99319,{"date":427,"score":421,"percentile":428},"2025-12-02",0.9932,{"date":430,"score":421,"percentile":428},"2025-12-03",{"date":432,"score":421,"percentile":433},"2025-12-04",0.99309,{"date":435,"score":421,"percentile":436},"2025-12-05",0.9931,{"date":438,"score":421,"percentile":436},"2025-12-06",{"date":440,"score":421,"percentile":441},"2025-12-07",0.99311,{"date":443,"score":421,"percentile":444},"2025-12-08",0.99312,{"date":446,"score":421,"percentile":447},"2025-12-09",0.99313,{"date":449,"score":363,"percentile":450},"2025-12-10",0.9927,{"date":452,"score":363,"percentile":450},"2025-12-11",{"date":454,"score":363,"percentile":455},"2025-12-12",0.99271,{"date":457,"score":363,"percentile":455},"2025-12-13",{"date":459,"score":363,"percentile":455},"2025-12-14",{"date":461,"score":363,"percentile":462},"2025-12-15",0.99272,{"date":464,"score":363,"percentile":465},"2025-12-16",0.99273,{"date":467,"score":363,"percentile":465},"2025-12-17",{"date":469,"score":363,"percentile":462},"2025-12-18",{"date":471,"score":363,"percentile":462},"2025-12-19",{"date":473,"score":363,"percentile":474},"2025-12-20",0.99274,{"date":476,"score":363,"percentile":477},"2025-12-21",0.99275,{"date":479,"score":363,"percentile":477},"2025-12-22",{"date":481,"score":363,"percentile":482},"2025-12-23",0.99276,{"date":484,"score":363,"percentile":485},"2025-12-24",0.99277,{"date":487,"score":488,"percentile":489},"2025-12-25",0.8232,0.99181,{"date":491,"score":488,"percentile":489},"2025-12-26",{"date":493,"score":488,"percentile":494},"2025-12-27",0.99183,{"date":496,"score":488,"percentile":497},"2025-12-28",0.99182,{"date":499,"score":488,"percentile":494},"2025-12-29",{"date":501,"score":488,"percentile":494},"2025-12-30",{"date":503,"score":488,"percentile":494},"2025-12-31",{"date":505,"score":488,"percentile":506},"2026-01-01",0.99198,{"date":508,"score":488,"percentile":506},"2026-01-02",{"date":510,"score":488,"percentile":506},"2026-01-03",{"date":512,"score":488,"percentile":513},"2026-01-04",0.99186,{"date":515,"score":488,"percentile":513},"2026-01-05",{"date":517,"score":488,"percentile":518},"2026-01-06",0.99185,{"date":520,"score":488,"percentile":513},"2026-01-07",{"date":522,"score":488,"percentile":523},"2026-01-08",0.99187,{"date":525,"score":488,"percentile":523},"2026-01-09",{"date":527,"score":488,"percentile":523},"2026-01-10",{"date":529,"score":488,"percentile":518},"2026-01-11",{"date":531,"score":488,"percentile":513},"2026-01-12",{"date":533,"score":488,"percentile":513},"2026-01-13",{"date":535,"score":488,"percentile":523},"2026-01-14",{"date":537,"score":488,"percentile":538},"2026-01-15",0.99188,{"date":540,"score":488,"percentile":541},"2026-01-16",0.99189,{"date":543,"score":488,"percentile":541},"2026-01-17",{"date":545,"score":488,"percentile":541},"2026-01-18",{"date":547,"score":488,"percentile":541},"2026-01-19",{"date":549,"score":488,"percentile":538},"2026-01-20",{"date":551,"score":488,"percentile":541},"2026-01-21",{"date":553,"score":488,"percentile":541},"2026-01-22",{"date":555,"score":488,"percentile":556},"2026-01-23",0.99191,{"date":558,"score":488,"percentile":556},"2026-01-24",{"date":560,"score":488,"percentile":561},"2026-01-25",0.9919,{"date":563,"score":488,"percentile":561},"2026-01-26",{"date":565,"score":488,"percentile":556},"2026-01-27",{"date":567,"score":488,"percentile":561},"2026-01-28",{"date":569,"score":488,"percentile":570},"2026-01-29",0.99192,{"date":572,"score":488,"percentile":556},"2026-01-30",{"date":574,"score":488,"percentile":570},"2026-01-31",{"date":576,"score":488,"percentile":577},"2026-02-01",0.99204,[579],{"source":287,"cvss_v2_0":580,"cvss_v3_0":9,"cvss_v3_1":585,"cvss_v4_0":9},{"baseScore":581,"baseSeverity":9,"vectorString":582,"impactScore":583,"exploitabilityScore":584},6.9,"AV:L/AC:M/Au:N/C:C/I:C/A:C",10,3.4,{"baseScore":4,"baseSeverity":586,"vectorString":288,"impactScore":587,"exploitabilityScore":588},"HIGH",9.8,2.6,[590],{"ecosystem":9,"name":591,"vendor":39,"product":592,"cpe_part":593,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":594},"linux kernel","linux_kernel","o",[595,602,606,610,614,618],{"version":596,"is_range":36,"range_type":597,"version_start":598,"version_start_type":599,"version_end":600,"version_end_type":601,"fixed_in":9},"gte2.6.15_lt3.10.108","cpe","2.6.15","including","3.10.108","excluding",{"version":603,"is_range":36,"range_type":597,"version_start":604,"version_start_type":599,"version_end":605,"version_end_type":601,"fixed_in":9},"gte3.11_lt3.16.47","3.11","3.16.47",{"version":607,"is_range":36,"range_type":597,"version_start":608,"version_start_type":599,"version_end":609,"version_end_type":601,"fixed_in":9},"gte3.17_lt3.18.65","3.17","3.18.65",{"version":611,"is_range":36,"range_type":597,"version_start":612,"version_start_type":599,"version_end":613,"version_end_type":601,"fixed_in":9},"gte3.19_lt4.4.82","3.19","4.4.82",{"version":615,"is_range":36,"range_type":597,"version_start":616,"version_start_type":599,"version_end":617,"version_end_type":601,"fixed_in":9},"gte4.5_lt4.9.43","4.5","4.9.43",{"version":619,"is_range":36,"range_type":597,"version_start":620,"version_start_type":599,"version_end":621,"version_end_type":601,"fixed_in":9},"gte4.10_lt4.12.7","4.10","4.12.7"]