CVE-2017-7482 HIGH

Vendor [Unknown]
Product kernel:
Weakness CWE-190
Published July 30, 2018
Last update August 5, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

In the Linux kernel before version 4.12, the code that decodes Kerberos 5 tickets when using RXRPC keys incorrectly assumes the size of a field. This could cause the size-remaining variable to wrap and the data pointer to run past the end of the buffer, which could possibly lead to memory corruption and privilege escalation.
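The class of bug described above (CWE-190 in a size-remaining counter), as an added example that is not the kernel's code. It assumes a length-prefixed field whose data is padded to a 4-byte boundary; the layout, the function name `consume_field` and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: 4-byte big-endian length, then the field data. */
static const uint8_t truncated_field[9] = {0, 0, 0, 5, 'a', 'b', 'c', 'd', 'e'}; /* padding missing */
static const uint8_t padded_field[12] = {0, 0, 0, 5, 'a', 'b', 'c', 'd', 'e', 0, 0, 0};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Consume one length-prefixed field (assumed layout, see lead-in).
 * Only the bookkeeping is modelled; field data is never dereferenced.
 * check_padded == 0: flawed pattern, validates the raw length only.
 * check_padded != 0: hardened pattern, validates the padded length too.
 * Returns 0 and updates *remaining on success; returns -1 and leaves
 * *remaining untouched when the input is rejected.
 */
int consume_field(const uint8_t *buf, size_t *remaining, int check_padded)
{
    size_t left = *remaining;
    if (left < 4)
        return -1;
    uint32_t len = read_be32(buf);
    left -= 4;
    if (len > left)
        return -1;
    size_t padded = ((size_t)len + 3) & ~(size_t)3;
    if (check_padded && padded > left)
        return -1;
    left -= padded; /* unsigned: wraps to a huge value if padded > left */
    *remaining = left;
    return 0;
}

int main(void)
{
    size_t a = sizeof(truncated_field), b = a;
    consume_field(truncated_field, &a, 0);
    printf("flawed:   remaining = %zu\n", a);
    printf("hardened: rc = %d\n", consume_field(truncated_field, &b, 1));
    return 0;
}
```

A parser that trusts the wrapped counter will keep advancing its data pointer past the end of the buffer; rejecting the field before the subtraction is the fix pattern.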

Key dates

02 Disclosure timeline

July 30, 2018 CVE published
August 5, 2024 Record updated