CVE-2017-14497
HIGHLinux Kernel < 4.13 - Denial of Service via tpacket_rcv Vnet Header Mishandling
Title source: llmDescription
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
References (11)
Core 11
Core References
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://marc.info/?l=linux-kernel&m=150394500728906&w=2
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1492593
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2017/q3/476
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039371
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100871
Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-01-01
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3981
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/edbd58be15a957f6a760c4a514cd475217eb97fd
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://marc.info/?t=150394517700001&r=1&w=2
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edbd58be15a957f6a760c4a514cd475217eb97fd
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040106
Scores
CVSS v3
7.8
EPSS
0.0056
EPSS Percentile
42.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (3)
debian/debian_linux
8.0
debian/debian_linux
9.0
linux/linux_kernel
4.6 - 4.9.51
Published
Sep 15, 2017
Tracked Since
Feb 18, 2026