CVE-2017-7979 Information

Description

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array which allows local users to cause a denial of service (uninitialized memory access and refcount underflow and system hang or crash) or possibly have unspecified other impact via \tc filter add\ commands in certain contexts. NOTE: this does not affect stable kernels such as 4.10.x from kernel.org.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://marc.info/?l=linux-netdev&m=149200742616349 http://marc.info/?l=linux-netdev&m=149200746116365 http://marc.info/?l=linux-netdev&m=149200746116366 http://marc.info/?l=linux-netdev&m=149251041420194 http://marc.info/?l=linux-netdev&m=149251041420195 http://www.securityfocus.com/bid/97969 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1682368 https://bugzilla.proxmox.com/show_bug.cgi?id=1351

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8