CVE-2017-15649
Linux Kernel - 'AF_PACKET' Use-After-Free
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a una gestiĆ³n incorrecta de las estructuras de datos packet_fanout. Esto se debe a una condiciĆ³n de carrera (que afecta a fanout_add y packet_do_bind) que da lugar a un uso de memoria previamente liberada. Esta vulnerabilidad es diferente de CVE-2017-6346.
It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-17 First Exploit
- 2017-10-19 CVE Reserved
- 2017-10-19 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-416: Use After Free
CAPEC
References (17)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110 | Third Party Advisory | |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e | Third Party Advisory | |
http://patchwork.ozlabs.org/patch/813945 | Issue Tracking | |
http://patchwork.ozlabs.org/patch/818726 | Third Party Advisory | |
http://www.securityfocus.com/bid/101573 | Third Party Advisory | |
https://blogs.securiteam.com/index.php/archives/3484 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/44053 | 2017-10-17 | |
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110 | 2018-08-24 | |
https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e | 2018-08-24 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:0151 | 2018-08-24 | |
https://access.redhat.com/errata/RHSA-2018:0152 | 2018-08-24 | |
https://access.redhat.com/errata/RHSA-2018:0181 | 2018-08-24 | |
https://usn.ubuntu.com/3754-1 | 2018-08-24 | |
https://access.redhat.com/security/cve/CVE-2017-15649 | 2018-01-25 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1504574 | 2018-01-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.13.5 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.13.5" | - |
Affected
|