{
  "threat_severity" : "Moderate",
  "public_date" : "2017-02-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ipv4: Invalid IP options could cause skb->dst drop",
    "id" : "1421638",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1421638"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.", "A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation." ],
  "statement" : "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-08-01T00:00:00Z",
    "advisory" : "RHSA-2017:2077",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-693.rt56.617.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-08-01T00:00:00Z",
    "advisory" : "RHSA-2017:1842",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-693.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2017-09-06T00:00:00Z",
    "advisory" : "RHSA-2017:2669",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-5970\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5970" ],
  "name" : "CVE-2017-5970",
  "csaw" : false
}