Upstream information
Description
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.SUSE information
| National Vulnerability Database | SUSE | |
|---|---|---|
| Base Score | 10.00 | 6.89 |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Access Vector | Network | Local |
| Access Complexity | Low | Medium |
| Authentication | None | None |
| Confidentiality Impact | Complete | Complete |
| Integrity Impact | Complete | Complete |
| Availability Impact | Complete | Complete |
| National Vulnerability Database | SUSE | |
|---|---|---|
| Base Score | 9.8 | 7.8 |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Access Vector | Network | Local |
| Access Complexity | Low | Low |
| Privileges Required | None | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | High | High |
| Integrity Impact | High | High |
| Availability Impact | High | High |
This issue is currently rated as having low severity.
SUSE Bugzilla entries: 1038544 [IN_PROGRESS], 1038564 [IN_PROGRESS], 1039883 [IN_PROGRESS], 1039885 [IN_PROGRESS], 1040069 [IN_PROGRESS], 1042364 [IN_PROGRESS] SUSE Security Advisories:- openSUSE-SU-2017:1513-1, published Thu, 8 Jun 2017 18:13:15 +0200 (CEST)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Leap 42.2 |
| Patchnames: openSUSE-2017-666 |
List of planned updates
The following information is the current evaluation information for this security issue. It might neither be accurate nor complete, Use at own risk.| Product(s) | Source package |
|---|---|
| kernel-source |
| kernel-source |
| kernel-source |
| kernel-source |
