CVE-2017-12153

CVSS v3.0 4.4 (Medium)

CVSS v2.0 4.9 (Medium)

EPSS 0.06 % (28^th)

Affected Products 3

Advisories 17

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2017-09-21 15:29:00
(7 years ago)
Updated Date: 2019-10-09 23:22:22
(5 years ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Linux Kernel 4.13.3 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 4.13.3

Configuration #2

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:esm
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts

Weaknesses

Affected Products

Canonical

Debian

Linux

Configuration #1

Configuration #2

Configuration #3