CVE-2017-18017

critical-risk
Published 2018-01-03

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

Do I need to act?

!
34.3% chance of exploitation in next 30 days
EPSS score — higher than 66% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Eos
Arx
Caas Platform

Affected Vendors

Debian Redhat Linux Suse F5 Canonical Opensuse Openstack Arista

References (65)

Patch http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd...
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html
Patch http://patchwork.ozlabs.org/patch/746618/
Broken Link http://www.securityfocus.com/bid/102367
Third Party Advisory http://www.ubuntu.com/usn/USN-3583-1
Third Party Advisory http://www.ubuntu.com/usn/USN-3583-2
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0676
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1062
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1130
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1170
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1319
and 45 more references
75
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 16/34 · Moderate
Exposure 27/34 · High