VDB

CVE-2017-7482

CVE-2017-7482 PUBLISHED

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

EPSS 0.16% · 36.8th percentile

Risk Scores

EPSS Score
0.16%
36.8th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSlinux-gke5.4.0-1033.35, 5.4.0-1035.37, 5.4.0-1036.38
Ubuntu:16.04:LTSlinux4.3.0-1.10, 4.2.0-19.23, 4.2.0-17.21
Ubuntu:16.04:LTSlinux-aws4.4.0-1026.35, 4.4.0-1022.31, 4.4.0-1001.10
Ubuntu:16.04:LTSlinux-raspi20, 4.2.0-1014.21, 4.4.0-1003.4
Ubuntu:20.04:LTSlinux-azure-fde*, 5.4.0-1063.66+cvm3.2, 5.4.0-1065.68+cvm2.1
Ubuntu:20.04:LTSlinux-raspi20, 5.3.0-1014.16, 5.3.0-1017.19
Ubuntu:16.04:LTSlinux-gke0, 4.4.0-1014.14, 4.4.0-1018.18
Ubuntu:14.04:LTSlinux-lts-xenial4.4.0-22.39~14.04.1, 0, 4.4.0-13.29~14.04.1
Ubuntu:22.04:LTSlinux-riscv5.15.0-1006.6, *, 0
Ubuntu:22.04:LTSlinux-intel-iot-realtime5.15.0-1073.75, 0
Ubuntu:22.04:LTSlinux-realtime5.15.0-1032.35, 0
Ubuntu:16.04:LTSlinux-hwe0, *, *
Ubuntu:24.04:LTSlinux-raspi-realtime0, 6.8.0-2019.20
Ubuntu:14.04:LTSlinux3.13.0-23.45, 3.13.0-106.153, 3.13.0-3.18
Ubuntu:16.04:LTSlinux-snapdragon4.4.0-1053.57, 4.4.0-1012.12, 4.4.0-1067.72
Ubuntu:20.04:LTSlinux-riscv5.4.0-33.37, 5.4.0-39.44, 5.4.0-34.38

Exploit Intelligence

…and 10 more exploits

Timeline

  • Jun 27, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›