What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2017-5897.

What is the severity level of CVE-2017-5897?

CVE-2017-5897 has a severity level of high.

What is the impact of CVE-2017-5897?

CVE-2017-5897 allows remote attackers to trigger an out-of-bounds access, leading to unspecified impact.

Which software versions are affected by CVE-2017-5897?

Versions 4.10~ and up to 4.10~, 3.13.0-157.207, and 4.4.0-75.96 of the Linux kernel, as well as various other versions of Linux packages, are affected by CVE-2017-5897.

How can I fix CVE-2017-5897?

To fix CVE-2017-5897, update your Linux kernel to version 4.10~ or higher, or apply the appropriate security patches provided by your Linux distribution.

Vulnerability/
CVE-2017-5897

critical

9.8

CWE

125

7/2/2017

23/3/2017

26/8/2024

CVE-2017-5897

First published: Tue Feb 07 2017(Updated: )

An issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. At this time we understand no trust barrier has been crossed and there is no security implications in this flaw. References: <a href="http://seclists.org/oss-sec/2017/q1/323">http://seclists.org/oss-sec/2017/q1/323</a> Upstream patch: <a href="https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756">https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756</a>

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Linux Linux kernel	>=3.7<3.10.106
Linux Linux kernel	>=3.11<3.12.71
Linux Linux kernel	>=3.13<3.16.41
Linux Linux kernel	>=3.17<3.18.49
Linux Linux kernel	>=3.19<4.4.50
Linux Linux kernel	>=4.5<4.9.11
Canonical Ubuntu Linux	=14.04
Debian Debian Linux	=8.0
Google Android
debian/linux		5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-5897.
What is the severity level of CVE-2017-5897?
CVE-2017-5897 has a severity level of high.
What is the impact of CVE-2017-5897?
CVE-2017-5897 allows remote attackers to trigger an out-of-bounds access, leading to unspecified impact.
Which software versions are affected by CVE-2017-5897?
Versions 4.10~ and up to 4.10~, 3.13.0-157.207, and 4.4.0-75.96 of the Linux kernel, as well as various other versions of Linux packages, are affected by CVE-2017-5897.
How can I fix CVE-2017-5897?
To fix CVE-2017-5897, update your Linux kernel to version 4.10~ or higher, or apply the appropriate security patches provided by your Linux distribution.

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-5897
agent/author
agent/severity
agent/weakness
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/android-source
source/Android
agent/last-modified-date
agent/references
agent/remedy
agent/tags
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/trending
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/3.7
version/linux linux kernel/3.11
version/linux linux kernel/3.13
version/linux linux kernel/3.17
version/linux linux kernel/3.19
version/linux linux kernel/4.5
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/google
canonical/google android
package-manager/debian