CVE-2017-9242

MEDIUM

Description

The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a

http://www.debian.org/security/2017/dsa-3886

http://www.securityfocus.com/bid/98731

https://access.redhat.com/errata/RHSA-2017:1842

https://access.redhat.com/errata/RHSA-2017:2077

https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a

https://patchwork.ozlabs.org/patch/764880/

Details

Source: MITRE

Published: 2017-05-27

Updated: 2018-01-05

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.11.3 (inclusive)

Tenable Plugins

View all (82 total)

ID | Name | Product | Family | Severity
124982 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1529) | Nessus | Huawei Local Security Checks | high
124827 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1504) | Nessus | Huawei Local Security Checks | critical
121698 | Photon OS 1.0: Linux PHSA-2017-0019 | Nessus | PhotonOS Local Security Checks | high
111868 | Photon OS 1.0: Linux PHSA-2017-0019 (deprecated) | Nessus | PhotonOS Local Security Checks | critical
106469 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash) | Nessus | OracleVM Local Security Checks | critical
105248 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash) | Nessus | OracleVM Local Security Checks | high
105247 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | high
105147 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash) | Nessus | OracleVM Local Security Checks | high
105145 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | high
105144 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | high
104374 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash) | Nessus | SuSE Local Security Checks | critical
104271 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash) | Nessus | SuSE Local Security Checks | critical
104030 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2791-1) | Nessus | SuSE Local Security Checks | high
104015 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2775-1) | Nessus | SuSE Local Security Checks | high
103354 | SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash) | Nessus | SuSE Local Security Checks | critical
103293 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2497-1) | Nessus | SuSE Local Security Checks | high
103248 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2476-1) | Nessus | SuSE Local Security Checks | high
103247 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2475-1) | Nessus | SuSE Local Security Checks | high
103214 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2448-1) | Nessus | SuSE Local Security Checks | high
103213 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2447-1) | Nessus | SuSE Local Security Checks | high
103212 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2446-1) | Nessus | SuSE Local Security Checks | high
103110 | SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high
102981 | Virtuozzo 7 : readykernel-patch (VZA-2017-079) | Nessus | Virtuozzo Local Security Checks | medium
102980 | Virtuozzo 7 : readykernel-patch (VZA-2017-078) | Nessus | Virtuozzo Local Security Checks | medium
102979 | Virtuozzo 7 : readykernel-patch (VZA-2017-077) | Nessus | Virtuozzo Local Security Checks | medium
102774 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash) | Nessus | OracleVM Local Security Checks | critical
102773 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | critical
102734 | CentOS 7 : kernel (CESA-2017:1842) (Stack Clash) | Nessus | CentOS Local Security Checks | high
102645 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20170801) | Nessus | Scientific Linux Local Security Checks | high
102625 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0144) | Nessus | OracleVM Local Security Checks | medium
102624 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3607) | Nessus | Oracle Linux Local Security Checks | medium
102623 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3606) | Nessus | Oracle Linux Local Security Checks | medium
102573 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0143) | Nessus | OracleVM Local Security Checks | medium
102572 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3605) | Nessus | Oracle Linux Local Security Checks | medium
102320 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2103-1) | Nessus | SuSE Local Security Checks | high
102319 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2102-1) | Nessus | SuSE Local Security Checks | high
102318 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2100-1) | Nessus | SuSE Local Security Checks | high
102317 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2099-1) | Nessus | SuSE Local Security Checks | high
102316 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2098-1) | Nessus | SuSE Local Security Checks | high
102315 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2096-1) | Nessus | SuSE Local Security Checks | high
102314 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2095-1) | Nessus | SuSE Local Security Checks | high
102313 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2094-1) | Nessus | SuSE Local Security Checks | high
102312 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2093-1) | Nessus | SuSE Local Security Checks | high
102311 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2092-1) | Nessus | SuSE Local Security Checks | high
102310 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2091-1) | Nessus | SuSE Local Security Checks | high
102309 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2090-1) | Nessus | SuSE Local Security Checks | high
102308 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2089-1) | Nessus | SuSE Local Security Checks | high
102307 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2088-1) | Nessus | SuSE Local Security Checks | high
102281 | Oracle Linux 7 : kernel (ELSA-2017-1842) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | high
102254 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2073-1) | Nessus | SuSE Local Security Checks | high
102253 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2072-1) | Nessus | SuSE Local Security Checks | high
102252 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2061-1) | Nessus | SuSE Local Security Checks | high
102251 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2060-1) | Nessus | SuSE Local Security Checks | high
102219 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2049-1) | Nessus | SuSE Local Security Checks | high
102151 | RHEL 7 : kernel-rt (RHSA-2017:2077) | Nessus | Red Hat Local Security Checks | high
102143 | RHEL 7 : kernel (RHSA-2017:1842) (Stack Clash) | Nessus | Red Hat Local Security Checks | high
101853 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1123) | Nessus | Huawei Local Security Checks | high
101852 | EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1122) | Nessus | Huawei Local Security Checks | high
101762 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high
101156 | Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1) | Nessus | Ubuntu Local Security Checks | high
101155 | Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2) | Nessus | Ubuntu Local Security Checks | high
101154 | Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1) | Nessus | Ubuntu Local Security Checks | high
101153 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3343-2) | Nessus | Ubuntu Local Security Checks | critical
101152 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-3343-1) | Nessus | Ubuntu Local Security Checks | high
101151 | Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3342-2) | Nessus | Ubuntu Local Security Checks | high
101150 | Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3342-1) | Nessus | Ubuntu Local Security Checks | high
101127 | openSUSE Security Update : the Linux Kernel (openSUSE-2017-716) (Stack Clash) | Nessus | SuSE Local Security Checks | medium
100999 | Amazon Linux AMI : kernel (ALAS-2017-846) | Nessus | Amazon Linux Local Security Checks | high
100933 | Ubuntu 14.04 LTS : linux, linux-meta vulnerabilities (USN-3335-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100932 | Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100931 | Ubuntu 16.04 LTS : linux-hwe, linux-meta-hwe vulnerabilities (USN-3333-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100930 | Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100929 | Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100928 | Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100927 | Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100926 | Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100925 | Ubuntu 16.10 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3327-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100924 | Ubuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100923 | Ubuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100922 | Ubuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high
100877 | Debian DSA-3886-1 : linux - security update (Stack Clash) | Nessus | Debian Local Security Checks | critical
100876 | Debian DLA-993-2 : linux regression update (Stack Clash) | Nessus | Debian Local Security Checks | critical