CVE-2017-5970
Advisory lineage Upstream: 0 Downstream: 44
Modified
Published: 14 Feb 2017, 06:30
Last modified:05 Aug 2024, 15:18
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.0 (nvd)
EPSS Score
0.94% LOW
1% probability -0.82%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Feb 2017, 06:30
Published
Vulnerability first disclosed
05 Aug 2024, 15:18
Last Modified
Vulnerability information updated
Description
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
CVSS Metrics
- v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.94%• Percentile: 77%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- linux•linux_kernel
≤ 4.9.9
References (11)
- https://patchwork.ozlabs.org/patch/724136/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644
- http://www.openwall.com/lists/oss-security/2017/02/12/3
- https://source.android.com/security/bulletin/2017-07-01
- https://access.redhat.com/errata/RHSA-2017:2669
- http://www.securityfocus.com/bid/96233
- https://access.redhat.com/errata/RHSA-2017:2077
- https://bugzilla.redhat.com/show_bug.cgi?id=1421638
- https://access.redhat.com/errata/RHSA-2017:1842
- https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644
- http://www.debian.org/security/2017/dsa-3791