CVE-2017-14489

medium

Description

The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.

References

http://www.debian.org/security/2017/dsa-3981

http://www.securityfocus.com/bid/101011

https://bugzilla.redhat.com/show_bug.cgi?id=1490421

https://patchwork.kernel.org/patch/9923803/

https://usn.ubuntu.com/3583-1/

https://usn.ubuntu.com/3583-2/

https://www.exploit-db.com/exploits/42932/

Details

Source: MITRE

Published: 2017-09-15

Updated: 2018-03-16

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM