Buffer overflow in Linux kernel - CVE-2017-14497
Published: September 18, 2017 / Updated: September 19, 2017
Vulnerability identifier: #VU8489
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14497
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to buffer overflow in the tpacket_rcv() function in 'net/packet/af_packet.c'. A local attacker can perform specially crafted system calls to write up to 10 bytes to kernel memory outside of the allocated kernel buffer, corrupt memory or XFS disk contents and cause the system to crash.
Successful exploitation of the vulnerability result in denial of service.
The weakness exists due to buffer overflow in the tpacket_rcv() function in 'net/packet/af_packet.c'. A local attacker can perform specially crafted system calls to write up to 10 bytes to kernel memory outside of the allocated kernel buffer, corrupt memory or XFS disk contents and cause the system to crash.
Successful exploitation of the vulnerability result in denial of service.
How to mitigate CVE-2017-14497
Update to version 4.13.