F5 Networks BIG-IP : Linux kernel vulnerability (K15526101)
High Nessus Plugin ID 118633
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. (CVE-2017-8824)
An attacker may exploit this vulnerability to gain privileges.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K15526101.