CVE-2017-2671
Linux Kernel - 'ping' Local Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
En LightDM en versiones hasta 1.22.0, un problema de directorio transversal en debian/guest-account.sh permite a atacantes locales allows local attackers poseer ubicaciones de ruta de directorio arbitrarias y escalar privilegios a raĆz cuando el usuario invitado se cierra.
A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.
The Linux kernel suffers from a ping local denial of service vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-04-05 CVE Published
- 2017-06-08 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2017/04/04/8 | Mailing List | |
| http://www.securityfocus.com/bid/97407 | Third Party Advisory | |
| https://github.com/danieljiang0415/android_kernel_crash_poc | Third Party Advisory | |
| https://twitter.com/danieljiang0415/status/845116665184497664 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/42135 | 2024-08-05 | |
| https://github.com/homjxi0e/CVE-2017-2671 | 2017-06-08 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:1842 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2017:2077 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2017:2669 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2018:1854 | 2023-02-12 | |
| https://usn.ubuntu.com/3754-1 | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2017-2671 | 2018-06-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1436649 | 2018-06-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.10.8 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.10.8" | - |
Affected
| ||||||