CVE-2017-8890

Published: May 10, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

Affected (10)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.2.89
Linux Linux Kernel	From 3.11 to 3.16.44
Linux Linux Kernel	From 3.17 to 3.18.56
Linux Linux Kernel	From 3.19 to 4.1.42
Linux Linux Kernel	From 3.3 to 3.10.106
Linux Linux Kernel	From 4.10 to 4.11.4
Linux Linux Kernel	From 4.2 to 4.4.71
Linux Linux Kernel	From 4.5 to 4.9.31

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (18)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.debian.org/security/2017/dsa-3886

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/98562

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1842

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2077

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2669

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1854

Source: cve@mitre.org

Third Party Advisory

https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://source.android.com/security/bulletin/2017-09-01

Source: cve@mitre.org

Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

http://www.debian.org/security/2017/dsa-3886

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/98562

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1842

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2077

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2669

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1854

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://source.android.com/security/bulletin/2017-09-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.