Buffer Overflow and Memory Corruption Vulnerability in Hisilicon Network Subsystem (HNS)

CVE-2017-18222 · MEDIUM Severity

CVSS v2 vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.
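The class of mismatch described above, as an added user-space model (not the HNS driver's code): a strings callback receives no buffer length, so the caller must size the buffer from the count callback, and the two must agree for every string set. The callback names, the `SS_*` stand-ins, the name tables and the 1-versus-4 slot mismatch are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define ETH_GSTRING_LEN 32  /* slot size in the kernel's ethtool interface */
#define N(a) ((int)(sizeof(a) / sizeof((a)[0])))
enum { SS_TEST, SS_STATS, SS_PRIV_FLAGS, SS_MAX };  /* stand-ins for ETH_SS_* */
static const char test_names[][ETH_GSTRING_LEN]  = { "loopback" };  /* constructed */
static const char stats_names[][ETH_GSTRING_LEN] = { "rx_pkts", "tx_pkts", "rx_err", "tx_err" };

/* Flawed pair: for SS_PRIV_FLAGS count() promises 1 slot, strings() writes 4. */
static int count_flawed(int set) { return set == SS_STATS ? N(stats_names) : N(test_names); }
static void strings_flawed(int set, char *buf)
{
    if (set == SS_TEST) memcpy(buf, test_names, sizeof(test_names));
    else                memcpy(buf, stats_names, sizeof(stats_names));
}

/* Consistent pair: an unhandled set is rejected and nothing is written. */
static int count_fixed(int set)
{
    return set == SS_TEST ? N(test_names) : set == SS_STATS ? N(stats_names) : -EOPNOTSUPP;
}
static void strings_fixed(int set, char *buf)
{
    if (set == SS_TEST)       memcpy(buf, test_names, sizeof(test_names));
    else if (set == SS_STATS) memcpy(buf, stats_names, sizeof(stats_names));
}

/* Slots written beyond what count() promised, summed over every set. */
static int excess_slots(int (*count)(int), void (*strings)(int, char *))
{
    int excess = 0;
    for (int set = 0; set < SS_MAX; set++) {
        char scratch[16 * ETH_GSTRING_LEN] = { 0 };  /* larger than any table */
        int promised = count(set) > 0 ? count(set) : 0, written = 0;
        strings(set, scratch);
        for (size_t i = 0; i < sizeof(scratch); i += ETH_GSTRING_LEN)
            written += scratch[i] != '\0';
        excess += written > promised ? written - promised : 0;
    }
    return excess;
}

int main(void)
{
    printf("flawed: %d excess slots, fixed: %d\n",
           excess_slots(count_flawed, strings_flawed), excess_slots(count_fixed, strings_fixed));
    return 0;
}
```

A check of this shape, run over every string set a driver might be asked for, catches the disagreement in a bounded scratch buffer before a caller allocates from the smaller count.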
