Vulnetix
Try Vulnetix Request Demo
CVE-2017-7482 PUBLISHED

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

EPSS 0.16% · 36.8th percentile

Risk Scores

EPSS Score
0.16%
36.8th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSlinux-gke0, 5.4.0-1105.112, 5.4.0-1104.111
Ubuntu:16.04:LTSlinux4.2.0-19.23, 4.4.0-71.92, 4.4.0-70.91
Ubuntu:16.04:LTSlinux-aws4.4.0-1026.35, 4.4.0-1022.31, 4.4.0-1020.29
Ubuntu:16.04:LTSlinux-raspi24.4.0-1034.41, 4.4.0-1029.36, 4.4.0-1027.33
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1085.90+cvm1.1, 0, 5.4.0-1063.66+cvm2.2
Ubuntu:20.04:LTSlinux-raspi25.4.0-1006.6, 5.4.0-1004.4, 5.3.0-1017.19
Ubuntu:16.04:LTSlinux-gke4.4.0-1009.9, 4.4.0-1008.8, 4.4.0-1006.6
Ubuntu:14.04:LTSlinux-lts-xenial4.4.0-47.68~14.04.1, 4.4.0-64.85~14.04.1, 4.4.0-66.87~14.04.1
Ubuntu:22.04:LTSlinux-riscv5.15.0-1004.4, 5.15.0-1017.19, 5.15.0-1016.18
Ubuntu:22.04:LTSlinux-intel-iot-realtime0, 5.15.0-1073.75
Ubuntu:22.04:LTSlinux-realtime5.15.0-1032.35, 0
Ubuntu:16.04:LTSlinux-hwe4.10.0-27.30~16.04.2, 4.10.0-28.32~16.04.2, 4.10.0-30.34~16.04.1
Ubuntu:24.04:LTSlinux-raspi-realtime0, 6.8.0-2019.20
Ubuntu:14.04:LTSlinux3.13.0-5.20, 3.13.0-4.19, 3.13.0-3.18
Ubuntu:16.04:LTSlinux-snapdragon0, 4.4.0-1039.43, 4.4.0-1035.39
Ubuntu:20.04:LTSlinux-riscv5.4.0-24.28, 5.4.0-26.30, 5.4.0-27.31

Timeline

References

Open in Interactive Console →