Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-7277
HistoryMar 28, 2017 - 12:00 a.m.

CVE-2017-7277

2017-03-2800:00:00
ubuntu.com
ubuntu.com
7

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

The TCP stack in the Linux kernel through 4.10.6 mishandles the
SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain
sensitive information from the kernel’s internal socket data structures or
cause a denial of service (out-of-bounds read) via crafted system calls,
related to net/core/skbuff.c and net/socket.c.

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu17.04noarchlinux< 4.10.0-22.24UNKNOWN
ubuntu17.04noarchlinux-raspi2< 4.10.0-1006.8UNKNOWN

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%