Base Score

MEDIUM5.5

CVE-2017-9242

The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.

VectorLOCAL

Published Bycve@mitre.org

Published DateMay 27, 2017, 01:29

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH