Upstream information
Description
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.SUSE information
| National Vulnerability Database | SUSE | |
|---|---|---|
| Base Score | 7.15 | 4.38 |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Local | Local |
| Access Complexity | Low | Medium |
| Authentication | None | None |
| Confidentiality Impact | Complete | Partial |
| Integrity Impact | Complete | Partial |
| Availability Impact | Complete | Partial |
| National Vulnerability Database | |
|---|---|
| Base Score | 7.8 |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Access Vector | Local |
| Access Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
