Bug 628870 (CVE-2017-13686) - kernel 4.13-rc1 through 4.13-rc6: DoS via (NULL pointer dereference) (CVE-2017-13686)
Status: RESOLVED INVALID
Alias: CVE-2017-13686
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: https://github.com/torvalds/linux/com...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-25 00:29 UTC by D'juan McDonald (domhnall)
Modified: 2022-03-26 00:16 UTC
Description D'juan McDonald (domhnall) 2017-08-25 00:29:20 UTC
From ${URL}:

net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release.

CVE Details: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13686
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 00:16:13 UTC
Seemingly only affected rc versions