Linux Kernel Netfilter Undersized SYN Memory Corruption

Strike ID:
E18-3im91
CVSS:
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
1
Year:
2017

Description

This strike exploits a memory corruption vulnerability in the Linux Kernel Netfilter service. When processing TCP SYN packets with TCP header length less than 5, an integer overflow will occur when calculating data offset, eventually resulting in memory corruption. Successful exploitation may result in out of bounds reads and writes to kernel memory, abnormal termination of the netfilter process, or kernel panic, resulting in a denial of service condition.

CVE

References

Bid