CVE-2017-13686 — HIGH (7.8)

Vulnerability Description

net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	4.13

Related Weaknesses (CWE)

CWE-476

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aaePatchVendor Advisory
https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e20PatchThird Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aaePatchVendor Advisory
https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e20PatchThird Party Advisory

FAQ

What is CVE-2017-13686?

CVE-2017-13686 is a vulnerability with a CVSS score of 7.8 (HIGH). net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer...

How severe is CVE-2017-13686?

CVE-2017-13686 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-13686?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.