CVE-2017-5897

CRITICAL EPSS 91.1%
Published Mar 23, 20179y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Mar 23, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
91.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥3.7  –  <3.10.106
linuxlinux_kernel*≥3.11  –  <3.12.71
linuxlinux_kernel*≥3.13  –  <3.16.41
linuxlinux_kernel*≥3.17  –  <3.18.49
linuxlinux_kernel*≥3.19  –  <4.4.50
linuxlinux_kernel*≥4.5  –  <4.9.11
canonicalubuntu_linux14.04any
debiandebian_linux8.0any

References 7

  • debian.org http://www.debian.org/security/2017/dsa-3791
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2017/02/07/2
    Mailing ListThird Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/96037
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1037794
    Third Party AdvisoryVDB Entry
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756
    PatchThird Party Advisory
  • source.android.com https://source.android.com/security/bulletin/2017-09-01
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3754-1/
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756
    PatchThird Party Advisory