CVE-2017-18222 - Vulncode-DB

CVE-2017-18222 (NVD)

2018-03-08

In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.

Products	Linux_kernel
Type	Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
First patch	https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c
Relevant file/s	• ./drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c (modified, +1, -1) • ./drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c (modified, +1, -1) • ./drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c (modified, +1, -1) • ./drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c (modified, +1, -1)
Links	• http://www.securityfocus.com/bid/103349 • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c • https://usn.ubuntu.com/3654-2/ • https://usn.ubuntu.com/3654-1/ • https://www.debian.org/security/2018/dsa-4188 More/Less (1) • https://usn.ubuntu.com/3656-1/

linux - Tree: 412b65d15a

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: