The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

References

rhn.redhat.com/errata/RHSA-2017-0293.html

rhn.redhat.com/errata/RHSA-2017-0294.html

rhn.redhat.com/errata/RHSA-2017-0295.html

rhn.redhat.com/errata/RHSA-2017-0316.html

rhn.redhat.com/errata/RHSA-2017-0323.html

rhn.redhat.com/errata/RHSA-2017-0324.html

rhn.redhat.com/errata/RHSA-2017-0345.html

rhn.redhat.com/errata/RHSA-2017-0346.html

rhn.redhat.com/errata/RHSA-2017-0347.html

rhn.redhat.com/errata/RHSA-2017-0365.html

rhn.redhat.com/errata/RHSA-2017-0366.html

rhn.redhat.com/errata/RHSA-2017-0403.html

rhn.redhat.com/errata/RHSA-2017-0501.html

www.debian.org/security/2017/dsa-3791

www.openwall.com/lists/oss-security/2017/02/22/3

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.securityfocus.com/bid/96310

www.securitytracker.com/id/1037876

access.redhat.com/errata/RHSA-2017:0932

access.redhat.com/errata/RHSA-2017:1209

github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4

source.android.com/security/bulletin/2017-07-01

www.exploit-db.com/exploits/41457/

www.exploit-db.com/exploits/41458/

www.tenable.com/security/tns-2017-07

cve 1

lenovo 2

oraclelinux 15

redhat 15

nessus 71

packetstorm 2

centos 3

ubuntucve 1

f5 1

openvas 32

veracode 1

exploitpack 2

zdt 2

debiancve 1

nvd 1

threatpost 1

myhack58 2

fedora 2

prion 1

hackerone 1

seebug 1

exploitdb 2

thn 1

virtuozzo 2

ubuntu 6

suse 9

archlinux 2

ibm 2

amazon 1

cloudfoundry 1

debian 3

osv 2

kitploit 1

mageia 3

androidsecurity 1

oracle 1

cve

CVE-2017-6074

2017-02-18 21:59:00

lenovo

Lenovo StorSelect DX8200C HyperStore Use-after-free in the IPv6 implementation of the DCCP protocol in the Linux kernel - us

2017-06-08 00:00:00

Lenovo StorSelect DX8200C HyperStore Use-after-free in the IPv6 implementation of the DCCP protocol in the Linux kernel - Lenovo Support US

2017-06-08 00:00:00

oraclelinux

kernel security update

2017-02-22 00:00:00

Unbreakable Enterprise kernel security update

2017-02-24 00:00:00

kernel security update

2017-02-22 00:00:00

redhat

(RHSA-2017:0324) Important: kernel security update

2017-02-24 15:03:48

(RHSA-2017:0366) Important: kernel security update

2017-03-01 15:21:27

(RHSA-2017:0403) Important: kernel security update

2017-03-02 16:14:23

nessus

RancherOS < 1.1.1 Privilege Escalation (Dirty COW)

2019-12-19 00:00:00

RHEL 6 : kernel (RHSA-2017:0366)

2017-03-02 00:00:00

CentOS 7 : kernel (CESA-2017:0294)

2017-02-23 00:00:00

packetstorm

Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Privilege Escalation

2017-02-27 00:00:00

Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Crash

2017-02-27 00:00:00

centos

kernel, perf, python security update

2017-02-23 04:21:38

kernel, perf, python security update

2017-02-23 05:45:33

kernel security update

2017-02-25 15:02:03

ubuntucve

CVE-2017-6074

2017-02-23 00:00:00

K82508682 : Linux kernel vulnerability CVE-2017-6074

2017-03-10 00:00:00

openvas

CentOS Update for kernel CESA-2017:0293 centos6

2017-02-23 00:00:00

CentOS Update for kernel CESA-2017:0386_01 centos7

2017-03-07 00:00:00

RedHat Update for kernel RHSA-2017:0293-01

2017-03-03 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:15:29

exploitpack

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)

2017-02-26 00:00:00

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation

2017-02-26 00:00:00

zdt

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation Exploit

2017-02-27 00:00:00

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC Exploit

2017-02-27 00:00:00

debiancve

CVE-2017-6074

2017-02-18 21:59:00

nvd

CVE-2017-6074

2017-02-18 21:59:00

threatpost

Impact of New Linux Kernel DCCP Vulnerability Limited

2017-02-23 11:11:43

myhack58

Snow hidden for 11 years: Linux kernel DCCP double-free privilege escalation Vulnerability, CVE-2017-6074-a vulnerability warning-the black bar safety net

2017-02-23 00:00:00

Lurking in 11 years of Linux kernel to mention the right vulnerability-exposure-vulnerability warning-the black bar safety net

2017-02-23 00:00:00

fedora

[SECURITY] Fedora 25 Update: kernel-4.9.12-200.fc25

2017-02-27 22:54:54

[SECURITY] Fedora 24 Update: kernel-4.9.12-100.fc24

2017-02-27 22:51:12

prion

Double free

2017-02-18 21:59:00

hackerone

Internet Bug Bounty: Linux kernel: CVE-2017-6074: DCCP double-free vulnerability

2018-05-03 22:10:54

seebug

Linux kernel DCCP double-free vulnerability（CVE-2017-6074）

2017-02-23 00:00:00

exploitdb

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation

2017-02-26 00:00:00

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)

2017-02-26 00:00:00

thn

11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered

2017-02-22 07:08:00

virtuozzo

Important kernel security update: new kernel 2.6.18-028stab122.1 for Virtuozzo Containers for Linux 4.6

2017-03-15 00:00:00

Important kernel security update: Virtuozzo ReadyKernel patch 14.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)

2017-03-16 00:00:00

ubuntu

Linux kernel (Trusty HWE) vulnerabilities

2017-02-22 00:00:00

Linux kernel vulnerabilities

2017-02-22 00:00:00

Linux kernel vulnerabilities

2017-02-22 00:00:00

suse

Security update for the Linux Kernel (important)

2017-02-22 21:10:07

Security update for the Linux Kernel (important)

2017-02-22 21:15:53

Security update for the Linux Kernel (important)

2017-05-05 15:11:30

archlinux

[ASA-201702-17] linux: multiple issues

2017-02-22 00:00:00

[ASA-201702-18] linux-zen: multiple issues

2017-02-22 00:00:00

ibm

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

2018-06-18 01:37:19

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel

2018-06-16 22:02:07

amazon

Important: kernel

2017-03-06 14:00:00

cloudfoundry

USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2017-03-01 00:00:00

debian

[SECURITY] [DLA 833-1] linux security update

2017-02-22 19:45:23

[SECURITY] [DSA 3791-1] linux security update

2017-02-22 19:15:13

[SECURITY] [DSA 3791-1] linux security update

2017-02-22 19:15:13

osv

linux - security update

2017-02-22 00:00:00

linux - security update

2017-02-22 00:00:00

kitploit

Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework

2017-11-04 13:30:00

mageia

Updated kernel-tmb packages fixes security vulnerabilities

2017-02-25 11:29:30

Updated kernel and kmod packages fixes security vulnerabilities

2017-02-25 11:29:30

Updated kernel-linus fixes security vulnerabilities

2017-02-25 11:29:30

androidsecurity

Android Security Bulletin—July 2017

2017-07-05 00:00:00

oracle

CPU July 2018

2018-07-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVELIST:CVE-2017-6074