Linux Kernel CVE-2017-7979 Local Denial of Service Vulnerability

The Linux Kernel is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to cause a denial-of-service condition.

Linux Kernel 4.11.0 through 4.11-rc7 are vulnerable.

Information

Bugtraq ID: 97969
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-7979

Remote: No
Local: Yes
Published: Apr 20 2017 12:00AM
Updated: Apr 24 2017 05:08PM
Credit: Fabian Grünbichler
Vulnerable: Linux kernel 4.11-rc7
Linux kernel 4.11-rc6
Linux kernel 4.11-rc5
Linux kernel 4.11-rc4
Linux kernel 4.11-rc3
Linux kernel 4.11-rc2
Linux kernel 4.11-rc1
Linux kernel 4.11

Not Vulnerable:

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

• Linux kernel Homepage (kernel.org)
  
• [PATCH linux 1/2] net sched actions: fix access to uninitialized data (marc)
  
• [PATCH v2 net 1/2] net sched actions: fix access to uninitialized data (marc)
  
• Bug 1351 - VM not start if use network rate limit (like 12.5) (proxmox)
  
• CVE-2017-7979: Linux kernel: local DoS via packet action API (Seclists.org)
  
• refcount underflow / kernel NULL dereference after attempting to add basic tc fi (ubuntu)
  

Source: www.securityfocus.com