How severe is CVE-2017-1000112?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2017-1000112?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2017-1000112

HIGH Year: 2017

CVSS v3 Score

7.0

High

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.

CVE-2009-3547

HIGH

CVSS:7.0(High)

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting ...

CWE-3622009

CVE-2010-1437

HIGH

CVSS:7.0(High)

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system ...

CWE-3622010

CVE-2010-5159

HIGH

CVSS:7.0(High)

Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler bu...

CWE-3622010

CVE-2010-5169

HIGH

CVSS:7.0(High)

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not bl...

CWE-3622010

CVE-2010-5181

HIGH

CVSS:7.0(High)

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not...

CWE-3622010

CVE-2011-0699

HIGH

CVSS:7.0(High)

Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified oth...

CWE-3622011

CVE-2017-1000112

Vulnerability Description

Related Vulnerabilities

CVE-2009-3547

CVE-2010-1437

CVE-2010-5159

CVE-2010-5169

CVE-2010-5181

CVE-2011-0699