CVE-2017-7308

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.09 % (38^th)

Affected Products 1

Advisories 45

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.

Weaknesses

CWE-681: Incorrect Conversion between Numeric Types
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-03-29 20:59:00
(7 years ago)
Updated Date: 2023-02-14 18:32:40
(19 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 2.6.27 version and prior 3.2.89 version	cpe:2.3:o:linux:linux_kernel	>= 2.6.27	< 3.2.89
Linux Kernel from 3.3 version and prior 3.10.107 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 3.10.107
Linux Kernel from 3.11 version and prior 3.12.74 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.74
Linux Kernel from 3.13 version and prior 3.16.44 version	cpe:2.3:o:linux:linux_kernel	>= 3.13	< 3.16.44
Linux Kernel from 3.17 version and prior 3.18.52 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 3.18.52
Linux Kernel from 3.19 version and prior 4.1.41 version	cpe:2.3:o:linux:linux_kernel	>= 3.19	< 4.1.41
Linux Kernel from 4.2 version and prior 4.4.66 version	cpe:2.3:o:linux:linux_kernel	>= 4.2	< 4.4.66
Linux Kernel from 4.5 version and prior 4.9.26 version	cpe:2.3:o:linux:linux_kernel	>= 4.5	< 4.9.26
Linux Kernel from 4.10 version and prior 4.10.14 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.10.14