High severity7.8NVD Advisory· Published Apr 19, 2017· Updated May 13, 2026
CVE-2017-7979
CVE-2017-7979
Description
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.
Affected products
7cpe:2.3:o:linux:linux_kernel:4.11:rc1:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:linux:linux_kernel:4.11:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.11:rc7:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- marc.infonvdMailing ListPatchThird Party Advisory
- marc.infonvdMailing ListPatchThird Party Advisory
- marc.infonvdMailing ListPatchThird Party Advisory
- marc.infonvdMailing ListPatchThird Party Advisory
- marc.infonvdMailing ListPatchThird Party Advisory
- bugs.launchpad.net/ubuntu/+source/linux/+bug/1682368nvdIssue TrackingPatch
- bugzilla.proxmox.com/show_bug.cginvdIssue TrackingPatch
- www.securityfocus.com/bid/97969nvd
News mentions
0No linked articles in our index yet.