CVE-2017-13686

HIGH

Linux Kernel 4.13-rc1 through 4.13-rc6 - Denial of Service via NULL Pointer Dereference in net/ipv4/route.c

Description

net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 checks for a NULL fi field too late when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release.

Scores

CVSS v3: 7.8
EPSS: 0.0036
EPSS Percentile: 27.9%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-476
Status: published
Products (1): linux/linux_kernel 4.13 rc1 (6 CPE variants)
Published: Aug 24, 2017
Tracked Since: Feb 18, 2026