7.8

CVE-2017-6074

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.2.86
LinuxLinux Kernel Version >= 3.3 < 3.10.106
LinuxLinux Kernel Version >= 3.11 < 3.12.71
LinuxLinux Kernel Version >= 3.13 < 3.16.41
LinuxLinux Kernel Version >= 3.17 < 3.18.49
LinuxLinux Kernel Version >= 3.19 < 4.1.41
LinuxLinux Kernel Version >= 4.2 < 4.4.52
LinuxLinux Kernel Version >= 4.5 < 4.9.13
DebianDebian Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.96% 0.923
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address.

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
Third Party Advisory
https://source.android.com/security/bulletin/2017-07-01
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0932
Third Party Advisory
http://www.debian.org/security/2017/dsa-3791
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0293.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0294.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0295.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0316.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0323.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0324.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0345.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0346.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0347.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0365.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0366.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0403.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0501.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/22/3
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96310
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037876
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1209
Third Party Advisory
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
Patch
Third Party Advisory
Issue Tracking
https://www.exploit-db.com/exploits/41457/
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41458/
Third Party Advisory
VDB Entry
https://www.tenable.com/security/tns-2017-07
Third Party Advisory