{ "id": "CVE-2017-7618", "sourceIdentifier": "cve@mitre.org", "published": "2017-04-10T14:59:00.357", "lastModified": "2023-02-14T19:51:19.073", "vulnStatus": "Analyzed", "evaluatorComment": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "descriptions": [ { "lang": "en", "value": "crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue." }, { "lang": "es", "value": "crypto/ahash.c en el kernel de Linux hasta 4.10.9 permite a los atacantes causar una denegaci\u00f3n de servicio (operaci\u00f3n de API llamando a su propia devoluci\u00f3n de llamada, y recursi\u00f3n infinita) activando EBUSY en una cola completa." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-835" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "3.16.44", "matchCriteriaId": "4915B333-C203-4744-8B3A-C46365415C20" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "3.18.50", "matchCriteriaId": "853F13A0-776A-4078-B05B-7C1E20D4973D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "4.1.40", "matchCriteriaId": "70E79011-B658-40F2-B406-D3619DEBFACD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "4.4.63", "matchCriteriaId": "16332D79-B98D-4D8D-BEA8-C1815D93CA8B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "4.9.24", "matchCriteriaId": "9035A20D-ECBA-4959-8F7F-EF1BFE41A7AF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "4.10.12", "matchCriteriaId": "59CCD4BB-9F0D-405F-B1DD-ACEDF5BB2EDD" } ] } ] } ], "references": [ { "url": "http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/97534", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] } ] }