CVE-2017-11176
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Public Exploits: 9
Exploited in Wild: -
Descriptions
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system.
Linux kernel versions prior to 4.11.8 suffer from an mq_notify: double sock_put() local privilege escalation vulnerability.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2017-07-11 CVE Reserved
- 2017-07-11 CVE Published
- 2018-11-22 First Exploit
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (22)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/99919 | Third Party Advisory | |
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/45553 | 2024-08-05 | |
https://github.com/c3r34lk1ll3r/CVE-2017-11176 | 2020-04-10 | |
https://github.com/Sama-Ayman-Mokhtar/CVE-2017-11176 | 2022-07-16 | |
https://github.com/HckEX/CVE-2017-11176 | 2019-08-08 | |
https://github.com/lexfo/cve-2017-11176 | 2024-08-12 | |
https://github.com/DoubleMice/cve-2017-11176 | 2018-11-22 | |
https://github.com/leonardo1101/cve-2017-11176 | 2019-12-23 | |
https://github.com/Yanoro/CVE-2017-11176 | 2024-11-23 | |
https://github.com/hckex/CVE-2017-11176 | 2019-08-08 | |

URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3927 | 2023-01-17 | |
http://www.debian.org/security/2017/dsa-3945 | 2023-01-17 | |
https://access.redhat.com/errata/RHSA-2017:2918 | 2023-01-17 | |
https://access.redhat.com/errata/RHSA-2017:2930 | 2023-01-17 | |
https://access.redhat.com/errata/RHSA-2017:2931 | 2023-01-17 | |
https://access.redhat.com/errata/RHSA-2018:0169 | 2023-01-17 | |
https://access.redhat.com/errata/RHSA-2018:3822 | 2023-01-17 | |
https://access.redhat.com/security/cve/CVE-2017-11176 | 2018-12-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1470659 | 2018-12-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 3.2.92 | - | Affected |
Linux | Linux Kernel | >= 3.3 < 3.16.47 | - | Affected |
Linux | Linux Kernel | >= 3.17 < 3.18.61 | - | Affected |
Linux | Linux Kernel | >= 3.19 < 4.1.43 | - | Affected |
Linux | Linux Kernel | >= 4.2 < 4.4.77 | - | Affected |
Linux | Linux Kernel | >= 4.5 < 4.9.38 | - | Affected |
Linux | Linux Kernel | >= 4.10 < 4.11.11 | - | Affected |
Linux | Linux Kernel | >= 4.12 < 4.12.2 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |