CVE-2017-14489

medium

Description

The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.

References

https://www.exploit-db.com/exploits/42932/

https://usn.ubuntu.com/3583-2/

https://usn.ubuntu.com/3583-1/

https://patchwork.kernel.org/patch/9923803/

https://bugzilla.redhat.com/show_bug.cgi?id=1490421

http://www.securityfocus.com/bid/101011

http://www.debian.org/security/2017/dsa-3981

Details

Source: Mitre, NVD

Published: 2017-09-15

Updated: 2018-03-16

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H