CVE-2017-12762

moderate-risk
Published 2017-08-09

In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Linux Canonical

References (14)

Mailing List http://www.openwall.com/lists/oss-security/2020/02/11/1
Mailing List http://www.openwall.com/lists/oss-security/2020/02/11/2
Mailing List http://www.openwall.com/lists/oss-security/2020/02/14/4
Third Party Advisory http://www.securityfocus.com/bid/100251
Patch https://patchwork.kernel.org/patch/9880041/
Third Party Advisory https://usn.ubuntu.com/3620-1/
Third Party Advisory https://usn.ubuntu.com/3620-2/
Mailing List http://www.openwall.com/lists/oss-security/2020/02/11/1
Mailing List http://www.openwall.com/lists/oss-security/2020/02/11/2
Mailing List http://www.openwall.com/lists/oss-security/2020/02/14/4
Third Party Advisory http://www.securityfocus.com/bid/100251
Patch https://patchwork.kernel.org/patch/9880041/
Third Party Advisory https://usn.ubuntu.com/3620-1/
Third Party Advisory https://usn.ubuntu.com/3620-2/
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 9/34 · Low