CVE-2017-6214
kernel: ipv4/tcp: Infinite loop in tcp_splice_read()
Public Exploits: 0
Exploited in Wild: -
Descriptions
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.
SSVC
- Decision:-
Timeline
- 2017-02-23 CVE Reserved
- 2017-02-23 CVE Published
- 2024-08-05 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
References (13)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96421 | Vdb Entry | |
http://www.securitytracker.com/id/1037897 | Vdb Entry | |
https://source.android.com/security/bulletin/2017-09-01 | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3804 | 2019-10-03 | |
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1372 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1615 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1616 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:1647 | 2019-10-03 | |
https://access.redhat.com/security/cve/CVE-2017-6214 | 2017-06-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1426542 | 2017-06-28 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | <= 4.9.10 | - | Affected |