CVE-2017-7308

high-risk
Published 2017-03-29

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.

Do I need to act?

!
87.0% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
3 public exploits available
44654, 47168, 41994
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (24)

Third Party Advisory http://www.securityfocus.com/bid/97234
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1297
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1298
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1308
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1854
Third Party Advisory https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packe...
Third Party Advisory https://patchwork.ozlabs.org/patch/744811/
Third Party Advisory https://patchwork.ozlabs.org/patch/744812/
Third Party Advisory https://patchwork.ozlabs.org/patch/744813/
Third Party Advisory https://source.android.com/security/bulletin/2017-07-01
Third Party Advisory https://www.exploit-db.com/exploits/41994/
Third Party Advisory https://www.exploit-db.com/exploits/44654/
Third Party Advisory http://www.securityfocus.com/bid/97234
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1297
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1298
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1308
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1854
Third Party Advisory https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packe...
Third Party Advisory https://patchwork.ozlabs.org/patch/744811/
Third Party Advisory https://patchwork.ozlabs.org/patch/744812/
and 4 more references
56
/ 100
high-risk
Severity 24/34 · High
Exploitability 27/34 · High
Exposure 5/34 · Minimal