High severity7.5NVD Advisory· Published Feb 14, 2017· Updated May 13, 2026

CVE-2017-5972

Description

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.0.0,<=3.19.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2017020112nvdExploitThird Party Advisory
packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.htmlnvdExploitThird Party AdvisoryVDB Entry
seclists.org/oss-sec/2017/q1/573nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/96231nvdThird Party AdvisoryVDB Entry
access.redhat.com/security/cve/cve-2017-5972nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
githubengineering.com/syn-flood-mitigation-with-synsanity/nvdThird Party Advisory
security-tracker.debian.org/tracker/CVE-2017-5972nvdThird Party Advisory
www.exploit-db.com/exploits/41350/nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.015
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000