Lucene search

[email protected]CVE-2017-16995

HistoryDec 27, 2017 - 5:08 p.m.

CVE-2017-16995

2017-12-2717:08:17

CWE-119

[email protected]

web.nvd.nist.gov

233

linux kernel

memory corruption

denial of service

nvd

cve-2017-16995

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.

Affected configurations

NVD

Node

linuxlinux_kernelRange4.9–4.9.72

linuxlinux_kernelRange4.10–4.14.9

Node

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt4.9.72
linux:linux_kernellinux linux kernellt4.14.9

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	4.9.72
linux:linux_kernel	linux linux kernel	lt	4.14.9

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f

openwall.com/lists/oss-security/2017/12/21/2

www.securityfocus.com/bid/102288

bugs.chromium.org/p/project-zero/issues/detail?id=1454

git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb

github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f

usn.ubuntu.com/3619-1/

usn.ubuntu.com/3619-2/

usn.ubuntu.com/3633-1/

usn.ubuntu.com/usn/usn-3523-2/

www.debian.org/security/2017/dsa-4073

www.exploit-db.com/exploits/44298/

www.exploit-db.com/exploits/45010/

www.exploit-db.com/exploits/45058/

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for CVE-2017-16995

packetstorm2 zdt4 redhatcve1 prion1 debiancve1 cvelist1 openvas11 ubuntu6 seebug1 exploitpack1 metasploit1 nessus8 nvd1 exploitdb2 ubuntucve2 archlinux4 photon2 debian1 osv1 mageia3 cloudfoundry1