CVE-2017-1000407
high
CVSS v3
7.4
CVSS v4 NEW
โ
VIR risk
7.4
Description
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
Predictions
Exploit likelihood
72%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Linux kernel Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 4.15 | Affected | โ |
| โ | Affected | 4.15 |
Red Hat Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| 7.0 | Affected | โ |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Ubuntu Affected 4 releases
| Version | Status | Fixed in |
|---|---|---|
| 17.10 | Affected | โ |
| 16.04 | Affected | โ |
| 14.04 | Affected | โ |
| 12.04 | Affected | โ |
Debian Mixed 8 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 4.14.7-1 |
| sid | Fixed | 4.14.7-1 |
| forky | Fixed | 4.14.7-1 |
| bullseye | Fixed | 4.14.7-1 |
| bookworm | Fixed | 4.14.7-1 |
| 9.0 | Affected | โ |
| 8.0 | Affected | โ |
| 7.0 | Affected | โ |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Fixed | 4.9.69-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | virtualization_host | 4.0 | |
References
- http://www.openwall.com/lists/oss-security/2017/12/04/2
- http://www.securityfocus.com/bid/102038
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/security/cve/cve-2017-1000407
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- https://www.spinics.net/lists/kvm/msg159809.html
- https://www.suse.com/security/cve/CVE-2017-1000407.html
- https://security-tracker.debian.org/tracker/CVE-2017-1000407
CWEs
CWE-754
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.