CVE-2017-5897
CRITICAL EPSS 91.1%
Published Mar 23, 20179y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Mar 23, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
91.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 8
References 7
- debian.org http://www.debian.org/security/2017/dsa-3791
- openwall.com http://www.openwall.com/lists/oss-security/2017/02/07/2
- securityfocus.com http://www.securityfocus.com/bid/96037
- securitytracker.com http://www.securitytracker.com/id/1037794
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756
- source.android.com https://source.android.com/security/bulletin/2017-09-01
- usn.ubuntu.com https://usn.ubuntu.com/3754-1/
Remediation
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756