Integer Overflow and Memory Corruption Vulnerability in Linux Kernel's BPF Verifier

Integer Overflow and Memory Corruption Vulnerability in Linux Kernel's BPF Verifier

CVE-2017-17854 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.