CVE-2017-15121 — Improper Input Validation in HAT INC RED HAT Enterprise Linux

CWE-20 — Improper Input Validation7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 78.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel RED HAT INC RED HAT Enterprise Linux Redhat Enterprise Linux +6 more

Timeline

PublishedDec 7

Latest updateMay 13

Description

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Debianlinux/linux_kernel< 3.11.5-1+3

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

▶NVDredhat/enterprise_linux_workstation6.0, 7.0+1

▶CVEListV5red_hat_inc/red_hat_enterprise_linux6, 7

Also affects: Enterprise Linux 6.0, 7.0, 7.6

🔴Vulnerability Details

GHSA

GHSA-j44m-j98w-c9cw: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not en↗2022-05-13

▶

OSV

CVE-2017-15121: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not en↗2017-12-07

▶

CVEList

CVE-2017-15121: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not en↗2017-12-06

▶

📋Vendor Advisories

Red Hat

kernel: vfs: BUG in truncate_inode_pages_range() and fuse client↗2017-12-05

▶

Debian

CVE-2017-15121: linux - A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and cras...↗2017

▶

💬Community

Bugzilla

CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client↗2017-12-05

▶