CVE-2017-18222 - CVE-2017-18222
Published: March 12, 2018
Vulnerability identifier: #VU10934
CSH Severity: Medium
CVSS v4.0:
CVE-ID: CVE-2017-18222
CWE-ID:
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.