A vulnerability was found in Linux Kernel up to 4.2 (Operating System). It has been rated as critical. This issue affects the function __skb_flow_dissect of the file net/core/flow_dissector.c. The manipulation of the argument n_proto/ip_proto/thoff as part of a MPLS Packet leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is availability. The summary by CVE is:

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.

The bug was discovered 08/24/2017. The weakness was disclosed 08/29/2017 as confirmed git commit (GIT Repository). The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2017-13715 since 08/28/2017. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available.

The vulnerability was handled as a non-public zero-day exploit for at least 4 days. During that time the estimated underground price was around $5k-$25k.

Upgrading to version 4.3 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be patching the affected component.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 4.0
• 4.1
• 4.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion