CVE-2017-17854

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-17854
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17854.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-17854
Downstream
Related
Published
2017-12-27T17:08:20.203Z
Modified
2026-02-17T00:11:24.965230Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bb7f0f989ca7de1153bd128a40a71709e339fa03
Introduced
bebc6082da0a9f5d47a1ea2edc099bf671058bd4
Fixed
bb7f0f989ca7de1153bd128a40a71709e339fa03

Affected versions

v4.*
v4.14
v4.15-rc1
v4.15-rc2
v4.15-rc3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17854.json"
vanir_signatures 
[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@bb7f0f989ca7de1153bd128a40a71709e339fa03",
        "digest": {
            "function_hash": "297049020411751566929074818203934106251",
            "length": 4213.0
        },
        "id": "CVE-2017-17854-4624a8a9",
        "deprecated": false,
        "target": {
            "file": "kernel/bpf/verifier.c",
            "function": "adjust_scalar_min_max_vals"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@bb7f0f989ca7de1153bd128a40a71709e339fa03",
        "digest": {
            "function_hash": "25297261137849435867112041776326875517",
            "length": 4243.0
        },
        "id": "CVE-2017-17854-d905442c",
        "deprecated": false,
        "target": {
            "file": "kernel/bpf/verifier.c",
            "function": "adjust_ptr_min_max_vals"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@bb7f0f989ca7de1153bd128a40a71709e339fa03",
        "digest": {
            "line_hashes": [
                "137126876006139000487873135703658789921",
                "122498244565537579970421324151437462676",
                "24098686306953093500402656621660559655",
                "16091322277093438905175884234180123051",
                "325838271922980744780437862700424731497",
                "34032435457714538535488359781388386397",
                "58578887914267500403690196021408460669",
                "312222596226405789126451832514648511228",
                "167784475953879936966169768921112348039",
                "70875042190053791967733002238551829908",
                "201491054112617584738736166404031074558",
                "336794172834446309967225236408400074783"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-17854-de157183",
        "deprecated": false,
        "target": {
            "file": "kernel/bpf/verifier.c"
        }
    }
]