CVE-2017-14051

low-risk

Published 2017-08-31

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

Do I need to act?

-

0.11% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.4/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (12)

http://www.securityfocus.com/bid/100571

Issue Tracking https://bugzilla.kernel.org/show_bug.cgi?id=194061

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

Patch https://patchwork.kernel.org/patch/9929625/

https://usn.ubuntu.com/3583-1/

https://usn.ubuntu.com/3583-2/

http://www.securityfocus.com/bid/100571

Issue Tracking https://bugzilla.kernel.org/show_bug.cgi?id=194061

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

Patch https://patchwork.kernel.org/patch/9929625/

https://usn.ubuntu.com/3583-1/

https://usn.ubuntu.com/3583-2/

20

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal