Lucene search

K
cveMitreCVE-2017-8890
HistoryMay 10, 2017 - 4:29 p.m.

CVE-2017-8890

2017-05-1016:29:00
CWE-415
mitre
web.nvd.nist.gov
199
cve-2017-8890
linux kernel
denial of service
double free
nvd
security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

32.6%

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<3.2.89
OR
linuxlinux_kernelRange3.33.10.106
OR
linuxlinux_kernelRange3.113.16.44
OR
linuxlinux_kernelRange3.173.18.56
OR
linuxlinux_kernelRange3.194.1.42
OR
linuxlinux_kernelRange4.24.4.71
OR
linuxlinux_kernelRange4.54.9.31
OR
linuxlinux_kernelRange4.104.11.4
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

32.6%