CVE-2017-11171

Name of the Vulnerable Software and Affected Versions gnome-session versions prior to 2.29.92

Description A local attacker can exploit bad reference counting in the accept ice connection() function to establish ICE connections with invalid authentication data, specifically an invalid magic cookie. Each failed authentication attempt leaks a file descriptor in gnome-session. Once the maximum number of file descriptors is exhausted, gnome-session enters an infinite loop, consuming 100% of the CPU and causing the associated graphical session to malfunction due to interrupted communication.

Recommendations For versions prior to 2.29.92, update to version 2.29.92 or later to resolve the issue. As a temporary workaround, consider restricting access to the accept ice connection() function to minimize the risk of exploitation.