http://bugzilla.opensuse.org/show_bug.cgi?id=1039882 Bug ID: 1039882 Summary: VUL-0: CVE-2017-9074: kernel-source: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-9074 ==================================================== The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. ==================================================== Hyperlink [1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=24... [2] https://github.com/torvalds/linux/commit/2423496af35d94a87156b063ea5cedffc10... [3] https://patchwork.ozlabs.org/patch/763117/ [4] https://security-tracker.debian.org/tracker/CVE-2017-9074 -- You are receiving this mail because: You are on the CC list for the bug.