High severity7.8NVD Advisory· Published May 19, 2017· Updated May 13, 2026

CVE-2017-9074

Description

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <3.2.89

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdPatchVendor Advisory
github.com/torvalds/linux/commit/2423496af35d94a87156b063ea5cedffc10a70a1nvdPatchVendor Advisory
patchwork.ozlabs.org/patch/763117/nvdPatchThird Party Advisory
www.debian.org/security/2017/dsa-3886nvdThird Party Advisory
www.securityfocus.com/bid/98577nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:1842nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2077nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2669nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:0169nvdThird Party Advisory
help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000