CVE-2017-1000407

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

CVSS v3.0 7.4 HIGH
CVSS v2.0 6.1 MEDIUM

7.4^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.spinics.net/lists/kvm/msg159809.html	Patch
https://access.redhat.com/security/cve/cve-2017-1000407	Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/12/04/2	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/102038	Third Party Advisory VDB Entry
https://www.debian.org/security/2017/dsa-4073	Third Party Advisory
https://www.debian.org/security/2018/dsa-4082	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/3583-2/	Third Party Advisory
https://usn.ubuntu.com/3583-1/	Third Party Advisory
https://usn.ubuntu.com/3617-2/	Third Party Advisory
https://usn.ubuntu.com/3617-1/	Third Party Advisory
https://usn.ubuntu.com/3619-1/	Third Party Advisory
https://usn.ubuntu.com/3619-2/	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1062	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0676	Third Party Advisory
https://usn.ubuntu.com/3632-1/	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1170

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc2::::::

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

Information

Published : 2017-12-11 13:29

Updated : 2019-05-14 15:29

NVD link : CVE-2017-1000407

Mitre link : CVE-2017-1000407

JSON object : View

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux_server_aus
enterprise_linux_workstation
enterprise_linux_server_tus
enterprise_linux_server_eus
virtualization_host
enterprise_linux_server

canonical

ubuntu_linux

linux

linux_kernel

debian

debian_linux

7.4 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2017-1000407

7.4^/10

6.1^/10

Attach tags to `CVE-2017-1000407`