PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5970 Linux CVE debrief

CVE-2017-5970 is a Linux kernel issue in the IPv4 packet info path that can crash affected systems. NVD rates it High because the flaw is remotely reachable, requires no privileges, and can result in a denial of service on Linux kernels through 4.9.9.

Vendor: Linux
Product: CVE-2017-5970
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-14
Original CVE updated: 2026-05-13
Advisory published: 2017-02-14
Advisory updated: 2026-05-13

Who should care

Linux kernel maintainers, distribution security teams, embedded/device vendors, and operators of systems running affected kernel versions, especially where network-facing workloads or IPv4 processing are common.

Technical summary

The vulnerable function is ipv4_pktinfo_prepare in net/ipv4/ip_sockglue.c. The NVD record describes two trigger paths: crafted system calls from an application, or IPv4 traffic with invalid IP options. NVD maps the weakness to CWE-476 and lists the affected CPE range as Linux kernel versions up to and including 4.9.9. The listed impact is availability loss only, with no confidentiality or integrity impact in the CVSS vector.

Defensive priority

High: prioritize patching or vendor-updating affected Linux kernel deployments, especially systems exposed to untrusted network traffic.

Recommended defensive actions

  • Inventory Linux kernel versions and identify any systems at or below 4.9.9.
  • Apply the vendor or distribution security updates that address this issue, including the upstream Linux patch referenced in the source record.
  • Check downstream advisories from your Linux distribution or platform vendor before maintenance windows, since several vendor references are cited in the record.
  • Prioritize internet-facing, appliance, and embedded deployments that process untrusted IPv4 traffic.
  • Monitor for unexpected kernel crashes or reboots on potentially affected hosts while remediation is rolled out.
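The inventory step above compares running kernel releases against the NVD upper bound of 4.9.9. The following is an added example written for this debrief, not code from PatchSiren, NVD or the Linux kernel project. It parses `uname -r` style release strings (the distribution suffix format and the sample inventory are assumed/constructed) and flags hosts whose base version falls in the affected range. A version comparison is only a screening step: distributions frequently backport the fix to older kernel versions, so a flagged host still needs to be checked against the vendor advisory or the package changelog before it is treated as vulnerable.

```python
import platform
import re

# Upper bound of the affected range as stated in the NVD record for CVE-2017-5970.
AFFECTED_MAX = (4, 9, 9)

# Leading "major.minor[.patch]" of a uname -r string; anything after (e.g. "-1-amd64",
# "-generic", "-rc1") is a distribution or pre-release suffix and is ignored here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release):
    """Return (major, minor, patch) from a kernel release string.

    A missing patch component is treated as 0, so "5.4" parses as (5, 4, 0).
    Raises ValueError for strings that do not start with a dotted version.
    """
    match = _VERSION_RE.match(release.strip())
    if not match:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_in_affected_range(release):
    """True when the upstream base version is <= 4.9.9 (the NVD range).

    This says nothing about backported fixes; confirm with the vendor advisory.
    """
    return parse_kernel_version(release) <= AFFECTED_MAX


def triage_inventory(inventory):
    """Return the hostnames whose kernel release falls in the affected range.

    `inventory` maps hostname -> uname -r output. Unparseable entries are
    returned separately so they are reviewed rather than silently skipped.
    """
    flagged, unparsed = [], []
    for host, release in inventory.items():
        try:
            if is_in_affected_range(release):
                flagged.append(host)
        except ValueError:
            unparsed.append(host)
    return flagged, unparsed


# Constructed sample inventory (hypothetical hosts and release strings).
SAMPLE_INVENTORY = {
    "edge-fw-01": "4.9.9-1-amd64",      # at the upper bound: in range
    "edge-fw-02": "4.9.10-1-amd64",     # one patch release above: out of range
    "legacy-nas": "3.16.0-4-amd64",     # old distribution kernel: in range
    "build-box": "4.10.0-rc1",          # pre-release of a later series: out of range
    "appliance-7": "firmware-2.3",      # no kernel version exposed: needs manual review
}


def check_local_host():
    """Screen the machine this script runs on using its own kernel release."""
    return is_in_affected_range(platform.release())


if __name__ == "__main__":
    flagged, unparsed = triage_inventory(SAMPLE_INVENTORY)
    print("in NVD range (verify backports):", flagged)
    print("could not parse, review manually:", unparsed)
```

Run it against the real inventory by replacing `SAMPLE_INVENTORY` with the output of your asset management system; `check_local_host()` is a convenience for ad hoc checks on a single machine.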

Evidence notes

The source corpus ties this CVE to the Linux kernel commit 34b2cef20f19c87999fff3da4071e66937db9644 and to downstream advisories from Debian, Red Hat, and Android. NVD classifies the issue as CVSS 3.0 7.5/High (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) with CWE-476 and states the affected range is Linux kernel through 4.9.9. No exploit code or real-world exploitation confirmation is provided in the supplied corpus.

Official resources

The CVE was published in NVD on 2017-02-14, with source metadata later modified on 2026-05-13. The source record also cites an oss-security post dated 2017-02-12 and downstream vendor advisories.