Vulnerabilities > CVE-2017-13686 - NULL Pointer Dereference vulnerability in Linux Kernel 4.13

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
linux
CWE-476

Summary

net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release.

Vulnerable Configurations

Part Description Count
OS
Linux
6

Common Weakness Enumeration (CWE)