CVE-2017-5972

Impact:
Moderate
Public Date:
2017-02-12
CWE:
CWE-400
Bugzilla:
1422081: CVE-2017-5972 kernel: SYN cookie protection mechanism not properly implemented

The MITRE CVE dictionary describes this issue as:

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.

Find out more about CVE-2017-5972 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects Red Hat Enterprise Linux 5,6, 7 and MRG-2 kernels. Red Hat has no plans to fix this issue at this time.

While performance enhancements have been made upstream, Red Hat Product Security believes the report to be invalid and able to be mitigated with synproxy. This flaw is currently under investigation for validity and Red Hat is asking to revoke the CVE.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Will not fix
Red Hat Enterprise Linux 7 kernel-rt Will not fix
Red Hat Enterprise Linux 7 kernel Will not fix
Red Hat Enterprise Linux 6 kernel Will not fix
Red Hat Enterprise Linux 5 kernel Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.