CVE-2017-7618

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2017-7618 DLA-922-1 SUSE-SU-2017:1853-1 SUSE-SU-2017:1990-1 UBUNTU-CVE-2017-7618 USN-3312-1

Modified

Published: 10 Apr 2017, 14:00

Last modified:05 Aug 2024, 16:12

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v2.0 (nvd)

EPSS Score

0.31% LOW

0% probability -0.48%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Apr 2017, 14:00

Published

Vulnerability first disclosed

05 Aug 2024, 16:12

Last Modified

Vulnerability information updated

Description

crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v2.0•HIGH•Score: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.31%• Percentile: 54%

Techniques & Countermeasures

CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

linux•linux_kernel
≥ 3.15, < 3.16.44 | ≥ 3.17, < 3.18.50 | ≥ 3.19, < 4.1.40 | ≥ 4.2, < 4.4.63 | ≥ 4.5, < 4.9.24 | ≥ 4.10, < 4.10.12