VDB

CVE-2017-17805

CVE-2017-17805 PUBLISHED

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

EPSS 0.03% · 8.7th percentile

Risk Scores

EPSS Score
0.03%
8.7th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSlinux-oem4.13.0-1021.23, 4.13.0-1019.20, 4.13.0-1015.16
Ubuntu:14.04:LTSlinux-lts-xenial4.4.0-22.40~14.04.1, 4.4.0-28.47~14.04.1, 4.4.0-31.50~14.04.1
Ubuntu:22.04:LTSlinux-intel-iot-realtime5.15.0-1073.75, 0
Ubuntu:16.04:LTSlinux-azure0, 4.11.0-1013.13, 4.11.0-1014.14
Ubuntu:22.04:LTSlinux-riscv0, 5.15.0-1014.16, 5.15.0-1015.17
Ubuntu:16.04:LTSlinux4.4.0-75.96, 4.2.0-16.19, 4.2.0-17.21
Ubuntu:Pro:FIPS:16.04:LTSlinux-fips0, 4.4.0-1006.6, 4.4.0-1005.5
Ubuntu:14.04:LTSlinux-aws0, 4.4.0-1002.2, 4.4.0-1003.3
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1090.95+cvm1.1, *, *
Ubuntu:20.04:LTSlinux-gke5.4.0-1059.62, 5.4.0-1062.65, 5.4.0-1063.66
Ubuntu:20.04:LTSlinux-raspi20, 5.3.0-1017.19, 5.3.0-1015.17
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35
Ubuntu:14.04:LTSlinux3.13.0-133.182, 3.11.0-12.19, 3.12.0-1.3
Ubuntu:16.04:LTSlinux-snapdragon4.4.0-1058.62, 4.4.0-1015.18, 4.4.0-1019.22
Ubuntu:16.04:LTSlinux-aws4.4.0-1037.46, 0, 4.4.0-1001.10
Ubuntu:16.04:LTSlinux-hwe4.8.0-53.56~16.04.1, *, *
Ubuntu:20.04:LTSlinux-riscv5.4.0-24.28, 5.4.0-28.32, 5.4.0-30.34
Ubuntu:16.04:LTSlinux-kvm4.4.0-1017.22, 4.4.0-1013.18, 4.4.0-1010.15
Ubuntu:16.04:LTSlinux-gcp4.10.0-1008.8, 0, 4.10.0-1009.9
Ubuntu:16.04:LTSlinux-raspi24.4.0-1055.62, 4.4.0-1059.67, 4.4.0-1061.69

…and 1 more

Exploit Intelligence

Timeline

  • Dec 20, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›