CVE-2017-1000407

Description

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

CVSS Metrics

• v3.0•HIGH•Score: 7.4CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 6.1AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.46%• Percentile: 64%

Techniques & Countermeasures

• CWE-754•Improper Check for Unusual or Exceptional Conditions

  The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Affected Systems

• canonical•ubuntu_linux

  12.04 | 14.04 | 16.04 | 17.10

• debian•debian_linux

  7.0 | 8.0 | 9.0

• linux•linux_kernel

  ≥ 2.6.32, < 4.15 | 4.15:rc1 | 4.15:rc2

• redhat•enterprise_linux_desktop

  7.0

• redhat•enterprise_linux_server

  7.0

• redhat•enterprise_linux_server_aus

  7.6

• redhat•enterprise_linux_server_eus

  7.6

• redhat•enterprise_linux_server_tus

  7.6

• redhat•enterprise_linux_workstation

  7.0

• redhat•virtualization_host

  4.0

References (17)

• https://usn.ubuntu.com/3617-1/
• https://usn.ubuntu.com/3619-2/
• https://www.debian.org/security/2018/dsa-4082
• https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
• http://www.openwall.com/lists/oss-security/2017/12/04/2
• http://www.securityfocus.com/bid/102038
• https://usn.ubuntu.com/3583-2/
• https://usn.ubuntu.com/3632-1/
• https://access.redhat.com/security/cve/cve-2017-1000407
• https://access.redhat.com/errata/RHSA-2018:1062
• https://usn.ubuntu.com/3583-1/
• https://access.redhat.com/errata/RHSA-2018:0676
• https://www.debian.org/security/2017/dsa-4073
• https://usn.ubuntu.com/3617-2/
• https://www.spinics.net/lists/kvm/msg159809.html
• https://usn.ubuntu.com/3619-1/
• https://access.redhat.com/errata/RHSA-2019:1170