CVE-2017-6346
Ubuntu Security Notice USN-3361-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
Condición de carrera en net/packet/af_packet.c en el kernel de Linux en versiones anteriores a 4.9.13 permite a usuarios locales provocar una denegación de servicio (uso después de liberación de memoria) o la posibilidad de tener otro impacto no especificado a través de una aplicación multihilo que realizada llamadas al sistema PACKET_FANOUT setsockopt.
An update that solves two vulnerabilities and has two fixes is now available. This update for the Linux Kernel 4.4.82-6_9 fixes several issues. The following security issues were fixed. Net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition that leads to a use-after-free, a different vulnerability than CVE-2017-6346 Non security issues fixed. Wi-Fi Protected Access allowed reinstallation of the Group Temporal Key during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-26 CVE Reserved
- 2017-03-01 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-416: Use After Free
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/96508 | Third Party Advisory | |
| https://source.android.com/security/bulletin/2017-09-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3804 | 2023-06-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.1 < 3.2.87 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.87" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.10.106 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.10.106" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.71" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.16.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.42" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 4.1.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 4.1.49" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.52 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.52" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.13" | - |
Affected
| ||||||