Vulnerability Details CVE-2017-17857
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 30.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea25f914dc164c8d56b36147ecc86bc65f83c469
- http://www.openwall.com/lists/oss-security/2017/12/21/2
- https://github.com/torvalds/linux/commit/ea25f914dc164c8d56b36147ecc86bc65f83c469
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea25f914dc164c8d56b36147ecc86bc65f83c469
- http://www.openwall.com/lists/oss-security/2017/12/21/2
- https://github.com/torvalds/linux/commit/ea25f914dc164c8d56b36147ecc86bc65f83c469
Products affected by CVE-2017-17857
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:linux:linux_kernel:4.14
-
cpe:2.3:o:linux:linux_kernel:4.14.1
-
cpe:2.3:o:linux:linux_kernel:4.14.2
-
cpe:2.3:o:linux:linux_kernel:4.14.3
-
cpe:2.3:o:linux:linux_kernel:4.14.4
-
cpe:2.3:o:linux:linux_kernel:4.14.5
-
cpe:2.3:o:linux:linux_kernel:4.14.6
-
cpe:2.3:o:linux:linux_kernel:4.14.7
-
cpe:2.3:o:linux:linux_kernel:4.14.8