Input validation error in Linux kernel - CVE-2017-7979
Published: April 20, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39172
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-7979
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows local users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts.
How to mitigate CVE-2017-7979
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Sources
- http://marc.info/?l=linux-netdev&m=149200742616349
- http://marc.info/?l=linux-netdev&m=149200746116365
- http://marc.info/?l=linux-netdev&m=149200746116366
- http://marc.info/?l=linux-netdev&m=149251041420194
- http://marc.info/?l=linux-netdev&m=149251041420195
- http://www.securityfocus.com/bid/97969
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1682368
- https://bugzilla.proxmox.com/show_bug.cgi?id=1351