Public Date:
1419848: CVE-2017-5897 kernel: ip6_gre: Invalid reads in ip6gre_err
An issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. At this time we understand no trust barrier has been crossed and there is no security implications in this flaw.

Find out more about CVE-2017-5897 from the MITRE CVE dictionary dictionary and NIST NVD.


Red Hat Enterprise Linux 5 and 6 are not affected as they do not include this code.

Red Hat Enterprise Linux 7, MRG and realtime kernels contain the code, but are not affected. At this time we do not believe there is a denial of service, memory leak, privilege escalation or trust barrier crossed. The kernel may attribute errors in system logs to the wrong tunnel. If you believe this is in error and have evidence or thoughts to the contrary please contact Red Hat Security Team.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 3.7
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact Low
Availability Impact None

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Will not fix
Red Hat Enterprise Linux 7 kernel-rt Will not fix
Red Hat Enterprise Linux 7 kernel Will not fix
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected
Last Modified