CVE-2017-6074

Опубликовано: 18 фев. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Средний

Описание

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

Ссылки

http://rhn.redhat.com/errata/RHSA-2017-0293.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0294.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0295.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0316.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0323.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0324.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0345.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0346.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0347.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0365.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0366.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0403.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0501.html
Third Party Advisory
http://www.debian.org/security/2017/dsa-3791
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/22/3
Mailing List
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/96310
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037876
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:0932
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1209
Third Party Advisory