Main Vulnerability Database Vulnerabilities #VU38426

Input validation error in Linux kernel - CVE-2017-13686

Published: August 25, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38426

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-13686

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows local users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls.

How to mitigate CVE-2017-13686

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205
https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205

Input validation error in Linux kernel - CVE-2017-13686

Detailed vulnerability description

How to mitigate CVE-2017-13686

Sources

Please verify you're human