CVE-2017-9211

MEDIUM

Linux kernel <4.11.2 - DoS

Title source: llm

Description

The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.

References (3)

[Patch] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9933e113c2e87a9f46a40fde8dafbf801dca1ab9

[Patch] https://github.com/torvalds/linux/commit/9933e113c2e87a9f46a40fde8dafbf801dca1ab9

View Patch ZIP pw:eip

[Mailing List, Patch] https://patchwork.kernel.org/patch/9718933/

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (2)

linux/linux_kernel < 4.11.2

n/a/n/a

Published May 23, 2017

Tracked Since Feb 18, 2026