CVE-2017-8890
kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
La función inet_csk_clone_lock en net / ipv4 / inet_connection_sock.c en el kernel de Linux hasta la versión 4.10.15 permite a los atacantes causar una denegación de servicio (double free) u otro impacto no especificado al aprovechar el uso de la llamada al sistema accept.
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-10 CVE Reserved
- 2017-05-10 CVE Published
- 2018-08-25 First Exploit
- 2024-08-05 CVE Updated
- 2024-08-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-415: Double Free
- CWE-416: Use After Free
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/98562 | Third Party Advisory | |
https://source.android.com/security/bulletin/2017-09-01 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/beraphin/CVE-2017-8890 | 2018-08-25 | |
https://github.com/thinkycx/CVE-2017-8890 | 2019-05-09 | |
https://github.com/7043mcgeep/cve-2017-8890-msf | 2019-05-03 |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3886 | 2023-02-24 | |
https://access.redhat.com/errata/RHSA-2017:1842 | 2023-02-24 | |
https://access.redhat.com/errata/RHSA-2017:2077 | 2023-02-24 | |
https://access.redhat.com/errata/RHSA-2017:2669 | 2023-02-24 | |
https://access.redhat.com/errata/RHSA-2018:1854 | 2023-02-24 | |
https://access.redhat.com/security/cve/CVE-2017-8890 | 2018-06-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1450972 | 2018-06-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.2.89 Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.89" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.10.106 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.10.106" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.16.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.16.44" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.56" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.42" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.71" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.31" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.11.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.11.4" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|