CVE-2017-6214

kernel: ipv4/tcp: Infinite loop in tcp_splice_read()

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.

La función tcp_splice_read en net/ipv4/tcp.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y bloqueo débil) a través de vectores que involucran un paquete TCP con la bandera URG.

A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-02-23 CVE Reserved
2017-02-23 CVE Published
2024-05-26 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CAPEC

References (13)

URL	Tag	Source
http://www.securityfocus.com/bid/96421	Vdb Entry
http://www.securitytracker.com/id/1037897	Vdb Entry
https://source.android.com/security/bulletin/2017-09-01	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82	2019-10-03
https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82	2019-10-03

URL	Date	SRC
http://www.debian.org/security/2017/dsa-3804	2019-10-03
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11	2019-10-03
https://access.redhat.com/errata/RHSA-2017:1372	2019-10-03
https://access.redhat.com/errata/RHSA-2017:1615	2019-10-03
https://access.redhat.com/errata/RHSA-2017:1616	2019-10-03
https://access.redhat.com/errata/RHSA-2017:1647	2019-10-03
https://access.redhat.com/security/cve/CVE-2017-6214	2017-06-28
https://bugzilla.redhat.com/show_bug.cgi?id=1426542	2017-06-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 4.9.10 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.9.10"		-		Affected