SecuritySpace - CVE-2017-6347

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2017-6347

Description: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.

Test IDs: 1.3.6.1.4.1.25623.1.0.872432 1.3.6.1.4.1.25623.1.0.872433

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-6347
BugTraq ID: 96487
http://www.securityfocus.com/bid/96487
http://www.openwall.com/lists/oss-security/2017/02/28/5

CVE ID:	CVE-2017-6347
Description:	The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
Test IDs:	1.3.6.1.4.1.25623.1.0.872432 1.3.6.1.4.1.25623.1.0.872433
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6347 BugTraq ID: 96487 http://www.securityfocus.com/bid/96487 http://www.openwall.com/lists/oss-security/2017/02/28/5