CVE-2017-9242

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a Issue Tracking Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3886
http://www.securityfocus.com/bid/98731 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:2077
https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a Issue Tracking Patch Third Party Advisory
https://patchwork.ozlabs.org/patch/764880/ Broken Link
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a Issue Tracking Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3886
http://www.securityfocus.com/bid/98731 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:2077
https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a Issue Tracking Patch Third Party Advisory
https://patchwork.ozlabs.org/patch/764880/ Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

21 Nov 2024, 03:35

Type Values Removed Values Added
References () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a - Issue Tracking, Patch, Third Party Advisory () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a - Issue Tracking, Patch, Third Party Advisory
References () http://www.debian.org/security/2017/dsa-3886 - () http://www.debian.org/security/2017/dsa-3886 -
References () http://www.securityfocus.com/bid/98731 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/98731 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2017:1842 - () https://access.redhat.com/errata/RHSA-2017:1842 -
References () https://access.redhat.com/errata/RHSA-2017:2077 - () https://access.redhat.com/errata/RHSA-2017:2077 -
References () https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a - Issue Tracking, Patch, Third Party Advisory () https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a - Issue Tracking, Patch, Third Party Advisory
References () https://patchwork.ozlabs.org/patch/764880/ - Broken Link () https://patchwork.ozlabs.org/patch/764880/ - Broken Link
Information

Published : 2017-05-27 01:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-9242

Mitre link : CVE-2017-9242

CVE.ORG link : CVE-2017-9242

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-20

Improper Input Validation