The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 4.9.18-1linux_4.9.18-1_all.deb
Debian11alllinux< 4.9.18-1linux_4.9.18-1_all.deb
Debian999alllinux< 4.9.18-1linux_4.9.18-1_all.deb
Debian13alllinux< 4.9.18-1linux_4.9.18-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 4.9.18-1	linux_4.9.18-1_all.deb
Debian	11	all	linux	< 4.9.18-1	linux_4.9.18-1_all.deb
Debian	999	all	linux	< 4.9.18-1	linux_4.9.18-1_all.deb
Debian	13	all	linux	< 4.9.18-1	linux_4.9.18-1_all.deb

oraclelinux 10

cvelist 1

redhatcve 2

exploitpack 2

openvas 27

metasploit 1

hackerone 1

nessus 53

veracode 1

virtuozzo 1

packetstorm 1

zdt 3

suse 30

cloudfoundry 1

nvd 1

ubuntu 2

cve 1

ubuntucve 1

prion 1

seebug 1

f5 1

exploitdb 3

threatpost 1

photon 3

fedora 2

googleprojectzero 1

redhat 4

centos 2

amazon 1

ibm 2

mageia 3

osv 1

kitploit 1

debian 1

androidsecurity 1

oraclelinux

Unbreakable Enterprise kernel security update

2017-06-01 00:00:00

Unbreakable Enterprise kernel security update

2017-06-01 00:00:00

kernel security, bug fix, and enhancement update

2017-05-26 00:00:00

cvelist

CVE-2017-7308

2017-03-29 20:00:00

redhatcve

CVE-2017-7308

2019-10-25 00:24:39

CVE-2021-22600

2022-01-28 20:58:25

exploitpack

Linux Kernel 4.8.0-34 4.8.0-45 (Ubuntu Linux Mint) - Packet Socket Local Privilege Escalation

2018-12-29 00:00:00

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

2017-05-11 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2017:1287-1)

2021-04-19 00:00:00

Ubuntu: Security Advisory (USN-3256-2)

2017-04-06 00:00:00

SUSE: Security Advisory (SUSE-SU-2017:1299-1)

2021-04-19 00:00:00

metasploit

AF_PACKET packet_set_ring Privilege Escalation

2018-04-28 01:40:17

hackerone

Internet Bug Bounty: Linux kernel: CVE-2017-7308: a signedness issue in AF_PACKET sockets

2019-08-29 13:48:44

nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1302-1)

2017-05-16 00:00:00

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3580)

2017-06-02 00:00:00

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1300-1)

2017-05-16 00:00:00

veracode

Out-Of-Bounds Write

2019-05-02 06:11:33

virtuozzo

Kernel security update: Virtuozzo ReadyKernel patch 17.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)

2017-04-04 00:00:00

packetstorm

AF_PACKET packet_set_ring Privilege Escalation

2018-05-17 00:00:00

zdt

Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation Exploit

2018-05-18 00:00:00

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation Exploit

2017-05-12 00:00:00

Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

2019-07-26 00:00:00

suse

Security update for Linux Kernel Live Patch 18 for SLE 12 (important)

2017-05-15 21:20:49

Security update for Linux Kernel Live Patch 17 for SLE 12 (important)

2017-05-15 21:10:57

Security update for Linux Kernel Live Patch 13 for SLE 12 (important)

2017-05-15 21:31:58

cloudfoundry

USN-3256-2: Linux kernel (HWE) vulnerability | Cloud Foundry

2017-04-12 00:00:00

nvd

CVE-2017-7308

2017-03-29 20:59:00

ubuntu

Linux kernel (HWE) vulnerability

2017-04-05 00:00:00

Linux kernel vulnerability

2017-04-05 00:00:00

cve

CVE-2017-7308

2017-03-29 20:59:00

ubuntucve

CVE-2017-7308

2017-03-29 00:00:00

prion

Integer overflow

2017-03-29 20:59:00

seebug

Linux kernel Local Denial of Service Vulnerability (CVE-2017-7308 )

2017-05-11 00:00:00

K82224417 : Linux kernel vulnerability CVE-2017-7308

2017-05-05 00:00:00

exploitdb

Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)

2018-05-18 00:00:00

Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

2018-12-29 00:00:00

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

2017-05-11 00:00:00

threatpost

RSAC 2019: Container Escape Hack Targets Vulnerable Linux Kernel

2019-03-04 13:30:17

photon

Important Photon OS Security Update - PHSA-2017-0041

2017-05-11 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0011

2017-04-14 00:00:00

Critical Photon OS Security Update - PHSA-2018-0031

2018-03-29 00:00:00

fedora

[SECURITY] Fedora 25 Update: kernel-4.10.10-200.fc25

2017-04-17 20:54:22

[SECURITY] Fedora 24 Update: kernel-4.10.10-100.fc24

2017-04-17 20:54:45

googleprojectzero

Exploiting the Linux kernel via packet sockets

2017-05-10 00:00:00

redhat

(RHSA-2017:1297) Important: kernel-rt security and bug fix update

2017-05-25 13:15:44

(RHSA-2017:1298) Important: kernel-rt security and bug fix update

2017-05-25 13:21:34

(RHSA-2017:1308) Important: kernel security, bug fix, and enhancement update

2017-05-25 13:27:24

centos

kernel, perf, python security update

2017-05-26 02:33:51

kernel, perf, python security update

2018-06-21 11:55:42

amazon

Important: kernel

2017-05-10 17:06:00

ibm

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel

2018-06-16 22:02:59

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

2018-06-18 01:38:07

mageia

Updated kernel packages fixes security vulnerabilities

2017-05-10 23:47:44

Updated kernel-tmb packages fixes security vulnerabilities

2017-05-26 09:54:58

Updated kernel-linus packages fixes security vulnerabilities

2017-05-26 09:54:58

osv

linux - security update

2017-04-28 00:00:00

kitploit

Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework

2017-11-04 13:30:00

debian

[SECURITY] [DLA 922-1] linux security update

2017-04-28 12:39:18

androidsecurity

Android Security Bulletin—July 2017

2017-07-05 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

37.9%

JSON

Related for DEBIANCVE:CVE-2017-7308