CVE-2017-5972

CVE-2017-5972 PUBLISHED

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.

Risk Scores

EPSS Score: 18.91% (95.4th percentile)

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1014.16, 5.3.0-1017.19, 0 |
| Ubuntu:22.04:LTS | linux-realtime | 0, 5.15.0-1032.35 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1033.35, 5.4.0-1100.107, 5.4.0-1099.106 |
| Ubuntu:22.04:LTS | linux-riscv | 0, 5.15.0-1017.19, 5.15.0-1018.21 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-30.34, 5.4.0-36.41, 5.4.0-37.42 |
| Ubuntu:20.04:LTS | linux-gkeop-5.15 | 5.15.0-1028.33~20.04.1, 5.15.0-1055.62~20.04.1, 5.15.0-1054.61~20.04.1 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-180.231, 3.13.0-181.232, 3.13.0-182.233 |
| Ubuntu:20.04:LTS | linux-gkeop | 5.4.0-1089.93, 5.4.0-1048.51, 5.4.0-1046.48 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 0, 6.8.0-2019.20 |
| Ubuntu:20.04:LTS | linux-azure-fde | 5.4.0-1073.76+cvm1.1, 5.4.0-1076.79+cvm1.1, 5.4.0-1078.81+cvm1.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |

Timeline

  • Feb 14, 2017 PoC Published
  • Feb 14, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score