CVE-2017-7542

MEDIUM

Linux kernel <4.12.3 - DoS

Title source: llm

Description

The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.

References (12)

[Issue Tracking, Patch, Third Party Advisory] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:2918

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:2930

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:2931

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0169

[Issue Tracking, Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6

View Patch ZIP pw:eip

[Various Sources] https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

[Vendor Advisory] https://usn.ubuntu.com/3583-1/

[Vendor Advisory] https://usn.ubuntu.com/3583-2/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99953

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3927

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3945

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 21.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-190 CWE-835

Status published

Products (2)

linux/linux_kernel < 4.12.3

n/a/Linux kernel versions up to and including 4.12 < Linux kernel versions up to and including 4.12

Published Jul 21, 2017

Tracked Since Feb 18, 2026