CVE-2017-13715 in Linuxinfo

Summary

by MITRE • 01/25/2023

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 01/25/2023

The vulnerability identified as CVE-2017-13715 resides within the Linux kernel's network packet processing subsystem, specifically in the __skb_flow_dissect function located at net/core/flow_dissector.c. This flaw represents a critical security issue that affects Linux kernel versions prior to 4.3, where the function fails to properly initialize essential protocol identifier variables including n_proto, ip_proto, and thoff. The vulnerability stems from insufficient input validation and initialization practices within the kernel's packet flow dissection logic, creating a path for malicious actors to exploit the system's network handling capabilities.

The technical exploitation of this vulnerability occurs through the crafting of a single, malicious MPLS (Multiprotocol Label Switching) packet that triggers the uninitialized variable behavior. When the kernel processes this malformed packet, the lack of proper initialization for the protocol identifiers leads to unpredictable memory states and potential kernel memory corruption. This condition can result in kernel panic or system crashes, effectively causing a denial of service condition that renders the affected system non-operational. In some scenarios, the uninitialized variables may also provide attackers with opportunities to manipulate kernel memory contents, potentially enabling arbitrary code execution with kernel-level privileges.

The operational impact of CVE-2017-13715 extends beyond simple system availability disruption, as it represents a fundamental flaw in the kernel's network stack integrity. Systems running vulnerable kernel versions are at risk of complete service interruption, particularly those relying heavily on network connectivity or operating in environments where continuous availability is critical. The vulnerability affects any Linux system that processes MPLS packets, making it particularly concerning for network infrastructure devices, routers, and systems handling diverse network protocols. The attack vector requires only a single crafted packet to be sent to the target system, making this vulnerability highly exploitable and potentially devastating in networked environments.

This vulnerability maps directly to CWE-457: Use of Uninitialized Variable, which is classified under the Common Weakness Enumeration framework as a critical flaw in software development practices. The issue also aligns with ATT&CK technique T1059.005: "Command and Scripting Interpreter: Python" in the context of exploitation, though more accurately represents a kernel-level privilege escalation vector. The vulnerability demonstrates poor defensive programming practices where essential variables are not properly initialized before use, violating fundamental security principles of input validation and memory safety. Organizations should immediately implement kernel updates to version 4.3 or later, as this represents the most effective mitigation strategy. Additional network segmentation and packet filtering rules can provide temporary protection, though these measures do not address the underlying kernel flaw and should be considered supplementary rather than primary defenses.

Reservation

08/28/2017

Disclosure

08/28/2017

Moderation

accepted

CPE

ready

EPSS

0.09652

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!