Description
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
References (11)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://patchwork.ozlabs.org/patch/724136/
Issue Tracking, Patch x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/02/12/3
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-07-01
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2669
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96233
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2077
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1421638
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1842
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3791
Scores
CVSS v3: 7.5
EPSS: 0.0175
EPSS Percentile: 82.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-476
Status: published
Products (1): linux/linux_kernel < 4.9.9
Published: Feb 14, 2017
Tracked Since: Feb 18, 2026