CVE-2017-17854 (NVD)

2017-12-27

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.

Products: Debian_linux, Linux_kernel
Type: Integer Overflow or Wraparound (CWE-190)
First patch: https://github.com/torvalds/linux/commit/bb7f0f989ca7de1153bd128a40a71709e339fa03
Relevant file/s:
• ./include/linux/bpf_verifier.h (modified, +2, -2)
• ./kernel/bpf/verifier.c (modified, +48)
Links:
• http://www.openwall.com/lists/oss-security/2017/12/21/2
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb7f0f989ca7de1153bd128a40a71709e339fa03
