CVE-2017-5897
Ubuntu Security Notice USN-3361-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
La función ip6gre_err en net/ipv6/ip6_gre.c en el kernel de Linux permite a atacantes remotos tener impacto no especificado a través de vectores involucrando indicadores GRE flags en un paquete IPv6, que desencadenan un acceso fuera de los límites.
USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-07 CVE Reserved
- 2017-02-22 CVE Published
- 2024-08-05 CVE Updated
- 2025-06-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/07/2 | Mailing List |
|
| http://www.securityfocus.com/bid/96037 | Third Party Advisory | |
| http://www.securitytracker.com/id/1037794 | Third Party Advisory | |
| https://source.android.com/security/bulletin/2017-09-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756 | 2022-11-03 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3791 | 2022-11-03 | |
| https://usn.ubuntu.com/3754-1 | 2022-11-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.7 < 3.10.106 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 3.10.106" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.71" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.16.41 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.41" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.49" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.4.50 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.4.50" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.11" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||