CVE-2018-17977

ADVISORY - nist

Summary

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.

EPSS Score: 0.00379 (0.300)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Uncontrolled Resource Consumption

ADVISORY - redhat

Uncontrolled Resource Consumption


NIST

CREATED

UPDATED

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.4medium

Debian

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.4medium

Red Hat

CREATED

UPDATED

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.9medium

Photon

CREATED

UPDATED

ADVISORY ID

CVE-2018-17977

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.4medium