Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-7308
HistoryMar 29, 2017 - 12:00 a.m.

CVE-2017-7308

2017-03-2900:00:00
ubuntu.com
ubuntu.com
62

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.9%

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel
through 4.10.6 does not properly validate certain block-size data, which
allows local users to cause a denial of service (integer signedness error
and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability
is held), via crafted system calls.

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlinux<Β 3.2.0-126.169UNKNOWN
ubuntu14.04noarchlinux<Β 3.13.0-116.163UNKNOWN
ubuntu16.04noarchlinux<Β 4.4.0-72.93UNKNOWN
ubuntu16.10noarchlinux<Β 4.8.0-46.49UNKNOWN
ubuntu12.04noarchlinux-armadaxp<Β 3.2.0-1687.114UNKNOWN
ubuntu16.04noarchlinux-aws<Β 4.4.0-1013.22UNKNOWN
ubuntu16.04noarchlinux-gke<Β 4.4.0-1010.10UNKNOWN
ubuntu16.04noarchlinux-hwe<Β 4.8.0-46.49~16.04.1UNKNOWN
ubuntu16.04noarchlinux-hwe-edge<Β 4.8.0-46.49~16.04.1UNKNOWN
ubuntu12.04noarchlinux-lts-trusty<Β 3.13.0-116.163~precise1UNKNOWN
Rows per page:
1-10 of 171

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.9%