CVE-2017-9074

CVSS v3.1 7.8 (High)
CVSS v2.0 7.2 (High)
EPSS 0.04 % (5th)
Affected Products 1
Advisories 28

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.

Weaknesses
CWE-125
Out-of-bounds Read
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2017-05-19 07:29:00
(7 years ago)
Updated Date
2023-02-24 18:40:00
(19 months ago)

Affected Products


Configuration #1

  Product        CPE23                            From       Up To
  Linux Kernel   cpe:2.3:o:linux:linux_kernel     -          < 3.2.89
  Linux Kernel   cpe:2.3:o:linux:linux_kernel     >= 3.3     < 3.16.44
  Linux Kernel   cpe:2.3:o:linux:linux_kernel     >= 3.17    < 3.18.56
  Linux Kernel   cpe:2.3:o:linux:linux_kernel     >= 3.19    < 4.1.42
  Linux Kernel   cpe:2.3:o:linux:linux_kernel     >= 4.2     < 4.4.71
  Linux Kernel   cpe:2.3:o:linux:linux_kernel     >= 4.5     < 4.9.31
  Linux Kernel   cpe:2.3:o:linux:linux_kernel     >= 4.10    < 4.11.4