CVE-2017-5972
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
14/02/2017
Last modified:
20/04/2025
Description
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.19.8 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/oss-sec/2017/q1/573
- http://www.securityfocus.com/bid/96231
- https://access.redhat.com/security/cve/cve-2017-5972
- https://bugzilla.redhat.com/show_bug.cgi?id=1422081
- https://cxsecurity.com/issue/WLB-2017020112
- https://githubengineering.com/syn-flood-mitigation-with-synsanity/
- https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html
- https://security-tracker.debian.org/tracker/CVE-2017-5972
- https://www.exploit-db.com/exploits/41350/
- http://seclists.org/oss-sec/2017/q1/573
- http://www.securityfocus.com/bid/96231
- https://access.redhat.com/security/cve/cve-2017-5972
- https://bugzilla.redhat.com/show_bug.cgi?id=1422081
- https://cxsecurity.com/issue/WLB-2017020112
- https://githubengineering.com/syn-flood-mitigation-with-synsanity/
- https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html
- https://security-tracker.debian.org/tracker/CVE-2017-5972
- https://www.exploit-db.com/exploits/41350/