F5 Networks BIG-IP : Linux kernel vulnerability (K82508682)
High Nessus Plugin ID 104135
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K82508682.