CVE-2017-6074

HIGH

Description

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

References

http://rhn.redhat.com/errata/RHSA-2017-0293.html

http://rhn.redhat.com/errata/RHSA-2017-0294.html

http://rhn.redhat.com/errata/RHSA-2017-0295.html

http://rhn.redhat.com/errata/RHSA-2017-0316.html

http://rhn.redhat.com/errata/RHSA-2017-0323.html

http://rhn.redhat.com/errata/RHSA-2017-0324.html

http://rhn.redhat.com/errata/RHSA-2017-0345.html

http://rhn.redhat.com/errata/RHSA-2017-0346.html

http://rhn.redhat.com/errata/RHSA-2017-0347.html

http://rhn.redhat.com/errata/RHSA-2017-0365.html

http://rhn.redhat.com/errata/RHSA-2017-0366.html

http://rhn.redhat.com/errata/RHSA-2017-0403.html

http://rhn.redhat.com/errata/RHSA-2017-0501.html

http://www.debian.org/security/2017/dsa-3791

http://www.openwall.com/lists/oss-security/2017/02/22/3

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/96310

http://www.securitytracker.com/id/1037876

https://access.redhat.com/errata/RHSA-2017:0932

https://access.redhat.com/errata/RHSA-2017:1209

https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4

https://source.android.com/security/bulletin/2017-07-01

https://www.exploit-db.com/exploits/41457/

https://www.exploit-db.com/exploits/41458/

https://www.tenable.com/security/tns-2017-07

Details

Source: MITRE

Published: 2017-02-18

Updated: 2018-07-19

Type: CWE-415

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (64 total)

ID	Name	Product	Family	Severity
124980	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1527)	Nessus	Huawei Local Security Checks	critical
124825	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)	Nessus	Huawei Local Security Checks	high
121672	Photon OS 1.0: Linux PHSA-2017-0006	Nessus	PhotonOS Local Security Checks	high
111855	Photon OS 1.0: Linux / Vim PHSA-2017-0006 (deprecated)	Nessus	PhotonOS Local Security Checks	high
104135	F5 Networks BIG-IP : Linux kernel vulnerability (K82508682)	Nessus	F5 Networks Local Security Checks	high
103354	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
102511	Oracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	critical
101429	Virtuozzo 7 : kernel / kernel-PAE / kernel-PAE-devel / etc (VZLSA-2017-0323)	Nessus	Virtuozzo Local Security Checks	high
101426	Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0294)	Nessus	Virtuozzo Local Security Checks	high
101425	Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0293)	Nessus	Virtuozzo Local Security Checks	high
100320	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1360-1)	Nessus	SuSE Local Security Checks	critical
100238	OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)	Nessus	OracleVM Local Security Checks	critical
100235	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567)	Nessus	Oracle Linux Local Security Checks	critical
100214	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:1301-1)	Nessus	SuSE Local Security Checks	high
100150	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)	Nessus	SuSE Local Security Checks	critical
100143	RHEL 6 / 7 : rhev-hypervisor (RHSA-2017:1209)	Nessus	Red Hat Local Security Checks	high
100023	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1183-1)	Nessus	SuSE Local Security Checks	high
99902	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1057)	Nessus	Huawei Local Security Checks	high
99901	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)	Nessus	Huawei Local Security Checks	high
99345	RHEL 6 : MRG (RHSA-2017:0932)	Nessus	Red Hat Local Security Checks	high
99163	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)	Nessus	OracleVM Local Security Checks	critical
99160	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)	Nessus	Oracle Linux Local Security Checks	high
97984	Virtuozzo 7 : readykernel-patch (VZA-2017-017)	Nessus	Virtuozzo Local Security Checks	high
97750	RHEL 7 : kernel (RHSA-2017:0501)	Nessus	Red Hat Local Security Checks	high
97557	Amazon Linux AMI : kernel (ALAS-2017-805)	Nessus	Amazon Linux Local Security Checks	high
97514	RHEL 7 : kernel (RHSA-2017:0403)	Nessus	Red Hat Local Security Checks	high
97492	RHEL 6 : kernel (RHSA-2017:0366)	Nessus	Red Hat Local Security Checks	high
97491	RHEL 6 : kernel (RHSA-2017:0365)	Nessus	Red Hat Local Security Checks	high
97465	RHEL 5 : kernel (RHSA-2017:0347)	Nessus	Red Hat Local Security Checks	high
97464	RHEL 5 : kernel (RHSA-2017:0346)	Nessus	Red Hat Local Security Checks	high
97463	RHEL 6 : kernel (RHSA-2017:0345)	Nessus	Red Hat Local Security Checks	high
97456	Fedora 25 : kernel (2017-f519ebb3c4)	Nessus	Fedora Local Security Checks	high
97425	Fedora 24 : kernel (2017-4b9f61c68d)	Nessus	Fedora Local Security Checks	high
97415	Scientific Linux Security Update : kernel on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
97414	RHEL 6 : kernel (RHSA-2017:0324)	Nessus	Red Hat Local Security Checks	high
97413	RHEL 5 : kernel (RHSA-2017:0323)	Nessus	Red Hat Local Security Checks	high
97412	OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0046)	Nessus	OracleVM Local Security Checks	high
97411	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0045)	Nessus	OracleVM Local Security Checks	high
97410	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0044)	Nessus	OracleVM Local Security Checks	high
97408	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3522)	Nessus	Oracle Linux Local Security Checks	high
97407	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3521)	Nessus	Oracle Linux Local Security Checks	high
97406	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3520)	Nessus	Oracle Linux Local Security Checks	high
97405	Oracle Linux 5 : kernel (ELSA-2017-0323)	Nessus	Oracle Linux Local Security Checks	high
97391	CentOS 5 : kernel (CESA-2017:0323)	Nessus	CentOS Local Security Checks	high
97377	Scientific Linux Security Update : kernel on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
97376	Scientific Linux Security Update : kernel on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
97375	RHEL 6 : kernel (RHSA-2017:0316)	Nessus	Red Hat Local Security Checks	high
97367	openSUSE Security Update : the Linux Kernel (openSUSE-2017-287)	Nessus	SuSE Local Security Checks	high
97366	openSUSE Security Update : the Linux Kernel (openSUSE-2017-286)	Nessus	SuSE Local Security Checks	high
97357	Debian DSA-3791-1 : linux - security update	Nessus	Debian Local Security Checks	high
97350	RHEL 7 : kernel-rt (RHSA-2017:0295)	Nessus	Red Hat Local Security Checks	high
97349	RHEL 7 : kernel (RHSA-2017:0294)	Nessus	Red Hat Local Security Checks	high
97348	RHEL 6 : kernel (RHSA-2017:0293)	Nessus	Red Hat Local Security Checks	high
97347	Oracle Linux 7 : kernel (ELSA-2017-0294)	Nessus	Oracle Linux Local Security Checks	high
97345	Oracle Linux 6 : kernel (ELSA-2017-0293)	Nessus	Oracle Linux Local Security Checks	high
97332	Debian DLA-833-1 : linux security update	Nessus	Debian Local Security Checks	high
97331	CentOS 7 : kernel (CESA-2017:0294)	Nessus	CentOS Local Security Checks	high
97330	CentOS 6 : kernel (CESA-2017:0293)	Nessus	CentOS Local Security Checks	high
97324	Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3209-1)	Nessus	Ubuntu Local Security Checks	high
97323	Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3208-2)	Nessus	Ubuntu Local Security Checks	high
97322	Ubuntu 16.04 LTS : linux, linux-snapdragon vulnerabilities (USN-3208-1)	Nessus	Ubuntu Local Security Checks	high
97321	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3207-2)	Nessus	Ubuntu Local Security Checks	high
97320	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3207-1)	Nessus	Ubuntu Local Security Checks	high
97319	Ubuntu 12.04 LTS : linux, linux-ti-omap4 vulnerabilities (USN-3206-1)	Nessus	Ubuntu Local Security Checks	high