7.8

CVE-2017-8890

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.2.89
LinuxLinux Kernel Version >= 3.3 < 3.10.106
LinuxLinux Kernel Version >= 3.11 < 3.16.44
LinuxLinux Kernel Version >= 3.17 < 3.18.56
LinuxLinux Kernel Version >= 3.19 < 4.1.42
LinuxLinux Kernel Version >= 4.2 < 4.4.71
LinuxLinux Kernel Version >= 4.5 < 4.9.31
LinuxLinux Kernel Version >= 4.10 < 4.11.4
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.684
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://access.redhat.com/errata/RHSA-2017:1842
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2077
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1854
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2669
Third Party Advisory
https://source.android.com/security/bulletin/2017-09-01
Third Party Advisory
http://www.debian.org/security/2017/dsa-3886
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a
Patch
Third Party Advisory
Issue Tracking
http://www.securityfocus.com/bid/98562
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a
Patch
Third Party Advisory
Issue Tracking