Veracode Vulnerability DatabaseVERACODE:20165Denial Of Service (DoS)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Linux kernel is vulnerable to denial of service (DoS) attacks. The vulnerability is due to insufficient validation of Kerberos tickets by the affected system. An attacker could cause a buffer overflow which could allow the attacker to gain elevated privileges on targeted systems by submitting a crafted Kerberos 5 ticket to be loaded into an RxRPC-type key on an affected system.
References
seclists.org/oss-sec/2017/q2/602
www.securityfocus.com/bid/99299
www.securitytracker.com/id/1038787
access.redhat.com/errata/RHSA-2019:0641
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1674935
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0
www.debian.org/security/2017/dsa-3927
www.debian.org/security/2017/dsa-3945
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C