CVE-2017-18017

CRITICAL EPSS 98.8%
Published Jan 3, 20188y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Jan 3, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
98.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 66

VendorProductVersionRange
linuxlinux_kernel*≥3.2  –  <3.2.99
linuxlinux_kernel*≥3.3  –  <3.10.108
linuxlinux_kernel*≥3.11  –  <3.16.54
linuxlinux_kernel*≥3.17  –  <3.18.60
linuxlinux_kernel*≥3.19  –  <4.1.43
linuxlinux_kernel*≥4.2  –  <4.4.76
linuxlinux_kernel*≥4.5  –  <4.9.36
linuxlinux_kernel*≥4.10  –  <4.11
debiandebian_linux7.0any
debiandebian_linux8.0any
aristaeos4.20.1fx-virtual-routerany
f5arx*≥6.2.0  –  ≤6.4.0
susecaas_platform*any
suselinux_enterprise_debuginfo11any
suselinux_enterprise_debuginfo11any
suselinux_enterprise_module_for_public_cloud12any
suselinux_enterprise_point_of_sale11any
suseopenstack_cloud6any
opensuseleap42.3any
suselinux_enterprise_desktop12any
suselinux_enterprise_desktop12any
suselinux_enterprise_high_availability12any
suselinux_enterprise_high_availability12any
suselinux_enterprise_high_availability_extension11any
suselinux_enterprise_live_patching12any
suselinux_enterprise_live_patching12any
suselinux_enterprise_real_time_extension11any
suselinux_enterprise_real_time_extension12any
suselinux_enterprise_real_time_extension12any
suselinux_enterprise_server11any
suselinux_enterprise_server11any
suselinux_enterprise_server12any
suselinux_enterprise_server12any
suselinux_enterprise_server12any
suselinux_enterprise_server12any
suselinux_enterprise_server12any
suselinux_enterprise_server12any
suselinux_enterprise_software_development_kit11any
suselinux_enterprise_software_development_kit12any
suselinux_enterprise_software_development_kit12any
suselinux_enterprise_workstation_extension12any
suselinux_enterprise_workstation_extension12any
openstackcloud_magnum_orchestration7any
canonicalubuntu_linux12.04any
canonicalubuntu_linux14.04any
redhatmrg_realtime2.0any
redhatenterprise_linux_desktop6.0any
redhatenterprise_linux_desktop7.0any
redhatenterprise_linux_eus7.3any
redhatenterprise_linux_eus7.4any
redhatenterprise_linux_eus7.6any
redhatenterprise_linux_eus7.7any
redhatenterprise_linux_for_real_time7any
redhatenterprise_linux_for_real_time_for_nfv7any
redhatenterprise_linux_server6.0any
redhatenterprise_linux_server7.0any
redhatenterprise_linux_server_aus7.3any
redhatenterprise_linux_server_aus7.4any
redhatenterprise_linux_server_aus7.6any
redhatenterprise_linux_server_aus7.7any
redhatenterprise_linux_server_tus7.3any
redhatenterprise_linux_server_tus7.4any
redhatenterprise_linux_server_tus7.6any
redhatenterprise_linux_server_tus7.7any
redhatenterprise_linux_workstation6.0any
redhatenterprise_linux_workstation7.0any

References 33

  • git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901
    PatchThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html
    Mailing ListThird Party Advisory
  • patchwork.ozlabs.org http://patchwork.ozlabs.org/patch/746618/
    PatchThird Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/102367
    Broken LinkThird Party AdvisoryVDB Entry
  • ubuntu.com http://www.ubuntu.com/usn/USN-3583-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-3583-2
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:0676
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:1062
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:1130
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:1170
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:1319
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:1737
    Third Party Advisory
  • bugs.launchpad.net https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765
    Issue TrackingThird Party Advisory
  • github.com https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901
    PatchThird Party Advisory
  • help.ecostruxureit.com https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
    Mailing ListThird Party Advisory
  • lkml.org https://lkml.org/lkml/2017/4/2/13
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20250103-0010/
  • support.f5.com https://support.f5.com/csp/article/K18352029
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3583-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3583-2/
    Third Party Advisory
  • arista.com https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34
    MitigationThird Party Advisory
  • debian.org https://www.debian.org/security/2018/dsa-4187
    Third Party Advisory
  • kernel.org https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
    Release NotesVendor Advisory

Remediation

  • git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901
    PatchThird Party Advisory
  • patchwork.ozlabs.org http://patchwork.ozlabs.org/patch/746618/
    PatchThird Party Advisory
  • github.com https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901
    PatchThird Party Advisory