What is the severity of CVE-2017-1000112?

CVE-2017-1000112 has been classified as a high-severity vulnerability due to the potential for memory corruption.

How do I fix CVE-2017-1000112?

To remediate CVE-2017-1000112, you should upgrade to a patched version of the Linux kernel, specifically versions 4.19.249-2, 5.10.197-1, or later.

Which Linux kernel versions are affected by CVE-2017-1000112?

CVE-2017-1000112 affects Linux kernel versions between 2.6.15 and 4.12.7.

What can happen if I am vulnerable to CVE-2017-1000112?

If your system is vulnerable to CVE-2017-1000112, it could lead to memory corruption that may be exploited by attackers to cause system instability or execute arbitrary code.

Is CVE-2017-1000112 specific to a certain distribution of Linux?

No, CVE-2017-1000112 is a vulnerability found in the Linux kernel and can affect multiple distributions that utilize the affected kernel versions.

Vulnerability/
CVE-2017-1000112

high

CWE

362

8/8/2017

4/10/2017

5/8/2024

CVE-2017-1000112: Race Condition

First published: Tue Aug 08 2017(Updated: )

A memory corruption issue was found in the Linux kernel. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. Introducing commit: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e89e9cf539a2">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e89e9cf539a2</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/linux		4.19.249-2 4.19.289-2 5.10.197-1 5.10.205-2 6.1.66-1 6.1.69-1 6.5.13-1 6.6.9-1
Linux kernel	>=2.6.15<3.10.108
Linux kernel	>=3.11<3.16.47
Linux kernel	>=3.17<3.18.65
Linux kernel	>=3.19<4.4.82
Linux kernel	>=4.5<4.9.43
Linux kernel	>=4.10<4.12.7

Remedy

http://seclists.org/oss-sec/2017/q3/277

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1000112?
CVE-2017-1000112 has been classified as a high-severity vulnerability due to the potential for memory corruption.
How do I fix CVE-2017-1000112?
To remediate CVE-2017-1000112, you should upgrade to a patched version of the Linux kernel, specifically versions 4.19.249-2, 5.10.197-1, or later.
Which Linux kernel versions are affected by CVE-2017-1000112?
CVE-2017-1000112 affects Linux kernel versions between 2.6.15 and 4.12.7.
What can happen if I am vulnerable to CVE-2017-1000112?
If your system is vulnerable to CVE-2017-1000112, it could lead to memory corruption that may be exploited by attackers to cause system instability or execute arbitrary code.
Is CVE-2017-1000112 specific to a certain distribution of Linux?
No, CVE-2017-1000112 is a vulnerability found in the Linux kernel and can affect multiple distributions that utilize the affected kernel versions.

collector/security-tracker-debian
agent/type
agent/softwarecombine
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-1000112
agent/severity
agent/references
agent/weakness
agent/remedy
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/debian
vendor/linux
canonical/linux kernel
version/linux kernel/2.6.15
version/linux kernel/3.11
version/linux kernel/3.17
version/linux kernel/3.19
version/linux kernel/4.5
version/linux kernel/4.10