Skip to main content

Virtualization Host CVE-2017-1000407

HIGH
Improper Check for Unusual or Exceptional Conditions (CWE-754)
2017-12-11 cve@mitre.org
7.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 11, 2017 - 21:29 cve.org
HIGH 7.4

DescriptionCVE.org

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

AnalysisAI

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-754. The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. Affected products include: Redhat Virtualization Host, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-1000001 HIGH POC
7.8 Jan 31

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th

CVE-2022-0435 HIGH POC
8.8 Mar 25

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with

CVE-2018-18559 HIGH POC
8.1 Oct 22

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt

CVE-2019-14835 HIGH POC
7.8 Sep 17

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that t

CVE-2018-11237 HIGH POC
7.8 May 18

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier m

CVE-2019-3460 MEDIUM POC
6.5 Apr 11

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

CVE-2019-3888 CRITICAL
9.8 Jun 12

A vulnerability was found in Undertow web server before 2.0.21. Rated critical severity (CVSS 9.8), this vulnerability i

CVE-2018-11236 CRITICAL
9.8 May 18

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arg

CVE-2018-8088 CRITICAL
9.8 Mar 20

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass int

CVE-2018-6485 CRITICAL
9.8 Feb 01

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or

CVE-2018-18397 MEDIUM POC
5.5 Dec 12

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl cal

CVE-2018-10322 MEDIUM POC
5.5 Apr 24

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to

Share

CVE-2017-1000407 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy