CVE-2017-6074

Published: Feb 18, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

Affected (9)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.2.86
Linux Linux Kernel	From 3.11 to 3.12.71
Linux Linux Kernel	From 3.13 to 3.16.41
Linux Linux Kernel	From 3.17 to 3.18.49
Linux Linux Kernel	From 3.19 to 4.1.41
Linux Linux Kernel	From 3.3 to 3.10.106
Linux Linux Kernel	From 4.2 to 4.4.52
Linux Linux Kernel	From 4.5 to 4.9.13

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (50)

http://rhn.redhat.com/errata/RHSA-2017-0293.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0294.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0295.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0316.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0323.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0324.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0345.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0346.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0347.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0365.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0366.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0403.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0501.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2017/dsa-3791

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/02/22/3

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.securityfocus.com/bid/96310

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037876

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:0932

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1209

Source: cve@mitre.org

Third Party Advisory

https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://source.android.com/security/bulletin/2017-07-01

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/41457/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/41458/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.tenable.com/security/tns-2017-07

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0293.html