Integer Overflow Vulnerability in perf_cpu_time_max_percent_handler Function

Integer Overflow Vulnerability in perf_cpu_time_max_percent_handler Function

CVE-2017-18255 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.