Giters

Cosmic-Kernel / android_kernel_samsung_j7elte

Cosmic Kernel for J7 F/M 2015 (j7elte) & J7 H 2015 (j7e3g)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2017-14489 (Medium) detected in linuxv3.10

mend-bolt-for-github opened this issue · comments

commented

CVE-2017-14489 - Medium Severity Vulnerability

Vulnerable Library - linuxv3.10

Linux kernel source tree

Library home page: https://github.com/torvalds/linux.git

Found in HEAD commit: adc86a86e0ac98007fd3af905bc71e9f29c1502c

Found in base branch: xsentinel-1.7-experimental

Vulnerable Source Files (1)

android_kernel_samsung_j7elte/drivers/scsi/scsi_transport_iscsi.c

Vulnerability Details

The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.

Publish Date: 2017-09-15

URL: CVE-2017-14489

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14489

Release Date: 2017-09-15

Fix Resolution: v4.14-rc3

Step up your Open Source Security Game with WhiteSource here