製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel の net/ipv4/tcp.c の tcp_splice_read 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	Linux Kernel の net/ipv4/tcp.c の tcp_splice_read 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	Linux Kernel の net/ipv4/tcp.c の tcp_splice_read 関数には、サービス運用妨害 (無限ループおよびソフトロックアップ) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、URG フラグを伴う TCP パケットに関する問題によってサービス運用妨害 (無限ループおよびソフトロックアップ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 18, 2017, midnight
Registration Date	March 13, 2017, 3:53 p.m.
Last Update	March 13, 2017, 3:53 p.m.

CVSS3.0 : 重要
Score	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

Linux

Linux Kernel 4.9.12 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-6214	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6214
National Vulnerability Database (NVD)
2	CVE-2017-6214	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6214

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
ChangeLog
1	ChangeLog-4.9.11	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11
GitHub
2	tcp: avoid infinite loop in tcp_splice_read()	https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82
Linux Kernel
3	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
4	tcp: avoid infinite loop in tcp_splice_read()	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82

Change Log

No	Changed Details	Date of change
0	[2017年03月13日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-6214

Summary	The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
Publication Date	Feb. 24, 2017, 2:59 a.m.
Registration Date	Jan. 26, 2021, 1:27 p.m.
Last Update	Nov. 21, 2024, 12:29 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::			4.9.10

Related information, measures and tools

No	URL	タグ
1	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82	Issue Tracking Patch Third Party Advisory
2	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82	Issue Tracking Patch Third Party Advisory
3	http://www.debian.org/security/2017/dsa-3804
4	http://www.debian.org/security/2017/dsa-3804
5	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11	Release Notes Vendor Advisory
6	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11	Release Notes Vendor Advisory
7	http://www.securityfocus.com/bid/96421
8	http://www.securityfocus.com/bid/96421
9	http://www.securitytracker.com/id/1037897
10	http://www.securitytracker.com/id/1037897
11	https://access.redhat.com/errata/RHSA-2017:1372
12	https://access.redhat.com/errata/RHSA-2017:1372
13	https://access.redhat.com/errata/RHSA-2017:1615
14	https://access.redhat.com/errata/RHSA-2017:1615
15	https://access.redhat.com/errata/RHSA-2017:1616
16	https://access.redhat.com/errata/RHSA-2017:1616
17	https://access.redhat.com/errata/RHSA-2017:1647
18	https://access.redhat.com/errata/RHSA-2017:1647
19	https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82	Issue Tracking Patch Third Party Advisory
20	https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82	Issue Tracking Patch Third Party Advisory
21	https://source.android.com/security/bulletin/2017-09-01
22	https://source.android.com/security/bulletin/2017-09-01

Common Vulnerabilities List