CVE-2017-13715
CRITICAL EPSS 94.9%
Published Aug 29, 20178y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Aug 29, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
94.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-665
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥4.2 – <4.3 |
References 4
- git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0
- seclists.org http://seclists.org/oss-sec/2017/q3/345
- securityfocus.com http://www.securityfocus.com/bid/100517
- github.com https://github.com/torvalds/linux/commit/a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0
Remediation
- git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0
- github.com https://github.com/torvalds/linux/commit/a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0