vulnerability

Debian: CVE-2017-9074: linux -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

May 19, 2017

Added

Jun 20, 2017

Modified

Mar 30, 2026

Description

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.

Solution

debian-upgrade-linux

References

CVE-2017-9074
https://attackerkb.com/topics/CVE-2017-9074
CWE-125
DEBIAN-DLA-993-1
DEBIAN-DSA-3886
EUVD-EUVD-2017-18013
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-18013

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report