Main Vulnerability Database Vulnerabilities #VU30815

Out-of-bounds write in Linux kernel - CVE-2017-18552

Published: August 19, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30815

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-18552

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency.

How to mitigate CVE-2017-18552

Install update from vendor's website.

Sources

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=780e982905bef61d13496d9af5310bf4af3a64d3
https://support.f5.com/csp/article/K02460950
https://support.f5.com/csp/article/K02460950?utm_source=f5support&utm_medium=RSS

Out-of-bounds write in Linux kernel - CVE-2017-18552

Detailed vulnerability description

How to mitigate CVE-2017-18552

Sources

Please verify you're human