An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.
https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6
http://www.securityfocus.com/bid/99953
http://www.debian.org/security/2017/dsa-3945
http://www.debian.org/security/2017/dsa-3927
https://access.redhat.com/errata/RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2018:0169
https://usn.ubuntu.com/3583-2/
https://usn.ubuntu.com/3583-1/
Source: MITRE
Published: 2017-07-21
Updated: 2023-02-02
Type: CWE-190
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM