PT-2017-2357 · Linux+5 · Linux Kernel+5
Andrey Konovalov
·
Published
2017-02-17
·
Updated
2025-09-29
·
CVE-2017-6074
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.9.11
Description
The issue is related to the dccp rcv state process function in the Linux kernel, which mishandles DCCP PKT REQUEST packet data structures in the LISTEN state. This can be exploited by a local user to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6 RECVPKTINFO setsockopt system call. The exploitation is due to the use of memory after it has been freed.
Recommendations
For Linux kernel versions prior to 4.9.11, update to version 4.9.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the dccp rcv state process function or the IPV6 RECVPKTINFO setsockopt system call to minimize the risk of exploitation.
Exploit
Fix
DoS
Double Free
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu