CVE-2017-7477

Description

Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.

References

Link	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee	patch
http://www.securitytracker.com/id/1038500	third party advisory vdb entry
https://access.redhat.com/errata/RHSA-2017:1615	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2017:1616	third party advisory vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1445207	patch third party advisory issue tracking
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b	patch
http://www.securityfocus.com/bid/98014	third party advisory vdb entry

Frequently Asked Questions

What is the severity of CVE-2017-7477?: CVE-2017-7477 has been scored as a high severity vulnerability.
How to fix CVE-2017-7477?: To fix CVE-2017-7477, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-7477 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2017-7477 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-7477?: CVE-2017-7477 affects n/a Linux kernel.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions