CVE-2017-18017
CRITICAL EPSS 98.8%
Published Jan 3, 20188y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Jan 3, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
98.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 66
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥3.2 – <3.2.99 |
| linux | linux_kernel | * | ≥3.3 – <3.10.108 |
| linux | linux_kernel | * | ≥3.11 – <3.16.54 |
| linux | linux_kernel | * | ≥3.17 – <3.18.60 |
| linux | linux_kernel | * | ≥3.19 – <4.1.43 |
| linux | linux_kernel | * | ≥4.2 – <4.4.76 |
| linux | linux_kernel | * | ≥4.5 – <4.9.36 |
| linux | linux_kernel | * | ≥4.10 – <4.11 |
| debian | debian_linux | 7.0 | any |
| debian | debian_linux | 8.0 | any |
| arista | eos | 4.20.1fx-virtual-router | any |
| f5 | arx | * | ≥6.2.0 – ≤6.4.0 |
| suse | caas_platform | * | any |
| suse | linux_enterprise_debuginfo | 11 | any |
| suse | linux_enterprise_debuginfo | 11 | any |
| suse | linux_enterprise_module_for_public_cloud | 12 | any |
| suse | linux_enterprise_point_of_sale | 11 | any |
| suse | openstack_cloud | 6 | any |
| opensuse | leap | 42.3 | any |
| suse | linux_enterprise_desktop | 12 | any |
| suse | linux_enterprise_desktop | 12 | any |
| suse | linux_enterprise_high_availability | 12 | any |
| suse | linux_enterprise_high_availability | 12 | any |
| suse | linux_enterprise_high_availability_extension | 11 | any |
| suse | linux_enterprise_live_patching | 12 | any |
| suse | linux_enterprise_live_patching | 12 | any |
| suse | linux_enterprise_real_time_extension | 11 | any |
| suse | linux_enterprise_real_time_extension | 12 | any |
| suse | linux_enterprise_real_time_extension | 12 | any |
| suse | linux_enterprise_server | 11 | any |
| suse | linux_enterprise_server | 11 | any |
| suse | linux_enterprise_server | 12 | any |
| suse | linux_enterprise_server | 12 | any |
| suse | linux_enterprise_server | 12 | any |
| suse | linux_enterprise_server | 12 | any |
| suse | linux_enterprise_server | 12 | any |
| suse | linux_enterprise_server | 12 | any |
| suse | linux_enterprise_software_development_kit | 11 | any |
| suse | linux_enterprise_software_development_kit | 12 | any |
| suse | linux_enterprise_software_development_kit | 12 | any |
| suse | linux_enterprise_workstation_extension | 12 | any |
| suse | linux_enterprise_workstation_extension | 12 | any |
| openstack | cloud_magnum_orchestration | 7 | any |
| canonical | ubuntu_linux | 12.04 | any |
| canonical | ubuntu_linux | 14.04 | any |
| redhat | mrg_realtime | 2.0 | any |
| redhat | enterprise_linux_desktop | 6.0 | any |
| redhat | enterprise_linux_desktop | 7.0 | any |
| redhat | enterprise_linux_eus | 7.3 | any |
| redhat | enterprise_linux_eus | 7.4 | any |
| redhat | enterprise_linux_eus | 7.6 | any |
| redhat | enterprise_linux_eus | 7.7 | any |
| redhat | enterprise_linux_for_real_time | 7 | any |
| redhat | enterprise_linux_for_real_time_for_nfv | 7 | any |
| redhat | enterprise_linux_server | 6.0 | any |
| redhat | enterprise_linux_server | 7.0 | any |
| redhat | enterprise_linux_server_aus | 7.3 | any |
| redhat | enterprise_linux_server_aus | 7.4 | any |
| redhat | enterprise_linux_server_aus | 7.6 | any |
| redhat | enterprise_linux_server_aus | 7.7 | any |
| redhat | enterprise_linux_server_tus | 7.3 | any |
| redhat | enterprise_linux_server_tus | 7.4 | any |
| redhat | enterprise_linux_server_tus | 7.6 | any |
| redhat | enterprise_linux_server_tus | 7.7 | any |
| redhat | enterprise_linux_workstation | 6.0 | any |
| redhat | enterprise_linux_workstation | 7.0 | any |
References 33
- git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html
- patchwork.ozlabs.org http://patchwork.ozlabs.org/patch/746618/
- securityfocus.com http://www.securityfocus.com/bid/102367
- ubuntu.com http://www.ubuntu.com/usn/USN-3583-1
- ubuntu.com http://www.ubuntu.com/usn/USN-3583-2
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:0676
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:1062
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:1130
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:1170
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:1319
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:1737
- bugs.launchpad.net https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765
- github.com https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901
- help.ecostruxureit.com https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- lists.debian.org https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- lkml.org https://lkml.org/lkml/2017/4/2/13
- security.netapp.com https://security.netapp.com/advisory/ntap-20250103-0010/
- support.f5.com https://support.f5.com/csp/article/K18352029
- usn.ubuntu.com https://usn.ubuntu.com/3583-1/
- usn.ubuntu.com https://usn.ubuntu.com/3583-2/
- arista.com https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34
- debian.org https://www.debian.org/security/2018/dsa-4187
- kernel.org https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
Remediation
- git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901
- patchwork.ozlabs.org http://patchwork.ozlabs.org/patch/746618/
- github.com https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901