CVE-2017-7308
CVE-2017-7308
Vexday Risk Score
43Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 17.8%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Ciclo de vida
29 mar 2017Exploit Metasploit disponible
29 mar 2017Publicada en NVD
11 may 2017PoC pública
Velocidad de armamento
42 díashasta el primer PoC
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
Productos afectados
n/a · n/aPoCs públicas encontradas — 6
githubgithub.com/anldori/CVE-2017-7308★ 0cve_referencewww.exploit-db.com/exploits/41994/no verificadocve_referencewww.exploit-db.com/exploits/44654/no verificadoexploitdbwww.exploit-db.com/exploits/44654no verificadoexploitdbwww.exploit-db.com/exploits/47168no verificadoexploitdbwww.exploit-db.com/exploits/41994no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
https://access.redhat.com/errata/RHSA-2017:1297https://access.redhat.com/errata/RHSA-2017:1298https://access.redhat.com/errata/RHSA-2017:1308https://access.redhat.com/errata/RHSA-2018:1854https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.htmlhttps://patchwork.ozlabs.org/patch/744811/https://patchwork.ozlabs.org/patch/744812/https://patchwork.ozlabs.org/patch/744813/https://source.android.com/security/bulletin/2017-07-01https://www.exploit-db.com/exploits/41994/https://www.exploit-db.com/exploits/44654/http://www.securityfocus.com/bid/97234