{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-19T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "98597", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98597"}, {"name": "RHSA-2017:2669", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2669"}, {"name": "RHSA-2018:1854", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-10-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8"}, {"name": "RHSA-2017:2077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2077"}, {"name": "DSA-3886", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3886"}, {"name": "RHSA-2017:1842", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1842"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://patchwork.ozlabs.org/patch/763569/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9075", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "98597", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98597"}, {"name": "RHSA-2017:2669", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2669"}, {"name": "RHSA-2018:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8"}, {"name": "https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8"}, {"name": "RHSA-2017:2077", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2077"}, {"name": "DSA-3886", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3886"}, {"name": "RHSA-2017:1842", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1842"}, {"name": "https://patchwork.ozlabs.org/patch/763569/", "refsource": "CONFIRM", "url": "https://patchwork.ozlabs.org/patch/763569/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:55:22.125Z"}, "title": "CVE Program Container", "references": [{"name": "98597", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98597"}, {"name": "RHSA-2017:2669", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2669"}, {"name": "RHSA-2018:1854", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-10-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8"}, {"name": "RHSA-2017:2077", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2077"}, {"name": "DSA-3886", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3886"}, {"name": "RHSA-2017:1842", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1842"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchwork.ozlabs.org/patch/763569/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9075", "datePublished": "2017-05-19T06:25:00", "dateReserved": "2017-05-19T00:00:00", "dateUpdated": "2024-08-05T16:55:22.125Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A5C1F01-214B-4477-A3A1-F6DF10181D3C", "versionEndExcluding": "3.2.89", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C1901E2-6C4D-488B-A7CE-F7E14A38418F", "versionEndExcluding": "3.16.44", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5837A5CA-266C-4BC5-B95F-1344AE42D24F", "versionEndExcluding": "3.18.56", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EDD29F4-10F1-415A-877F-5586A004E320", "versionEndExcluding": "4.1.42", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF0C6096-CC39-4352-AFAF-5D7A7C5C2838", "versionEndExcluding": "4.4.71", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "001F55C3-810A-444F-AE18-F067A84F6B31", "versionEndExcluding": "4.9.31", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A25FD29-5617-4236-AC9A-6D68DC220925", "versionEndExcluding": "4.11.4", "versionStartIncluding": "4.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890."}, {"lang": "es", "value": "La funci\u00f3n sctp_v6_create_accept_sk en net/sctp/ipv6.c en el kernel de Linux hasta la versi\u00f3n 4.11.1 gestiona de manera incorrecta la herencia, lo que permite que usuarios locales provoquen una denegaci\u00f3n de servicio (DoS) o, probablemente, causen otro impacto no especificado mediante llamadas de sistema manipuladas. Este problema est\u00e1 relacionado con CVE-2017-8890."}], "id": "CVE-2017-9075", "lastModified": "2023-02-24T18:39:18.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-19T07:29:00.260", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory", "Patch"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3886"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98597"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1842"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2077"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2669"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchwork.ozlabs.org/patch/763569/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://source.android.com/security/bulletin/2017-10-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:1854", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2018-06-19T00:00:00Z"}, {"advisory": "RHSA-2017:2077", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-693.rt56.617.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1842", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-693.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2669", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2017-09-06T00:00:00Z"}], "bugzilla": {"description": "kernel: net: sctp_v6_create_accept_sk function mishandles inheritance", "id": "1452691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452691"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.", "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."], "name": "CVE-2017-9075", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-9075\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9075"], "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "threat_severity": "Moderate"}