High severity7.8NVD Advisory· Published Dec 27, 2017· Updated May 13, 2026

CVE-2017-17863

Description

kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-reject-out-of-bounds-stack-pointer-calculation.patchnvdPatch
www.spinics.net/lists/stable/msg206985.htmlnvdIssue TrackingPatch
www.securityfocus.com/bid/102321nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040058nvdThird Party AdvisoryVDB Entry
www.debian.org/security/2017/dsa-4073nvdThird Party Advisory
usn.ubuntu.com/3523-3/nvd
usn.ubuntu.com/usn/usn-3523-2/nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000