The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 4.9.13-1linux_4.9.13-1_all.deb
Debian11alllinux< 4.9.13-1linux_4.9.13-1_all.deb
Debian999alllinux< 4.9.13-1linux_4.9.13-1_all.deb
Debian13alllinux< 4.9.13-1linux_4.9.13-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 4.9.13-1	linux_4.9.13-1_all.deb
Debian	11	all	linux	< 4.9.13-1	linux_4.9.13-1_all.deb
Debian	999	all	linux	< 4.9.13-1	linux_4.9.13-1_all.deb
Debian	13	all	linux	< 4.9.13-1	linux_4.9.13-1_all.deb

veracode 1

cvelist 1

openvas 32

zdt 2

redhat 15

nessus 71

exploitpack 2

oraclelinux 15

lenovo 2

cve 1

packetstorm 2

centos 3

ubuntucve 1

f5 1

fedora 2

hackerone 1

seebug 1

prion 1

threatpost 1

myhack58 2

nvd 1

exploitdb 2

virtuozzo 2

thn 1

ubuntu 6

suse 9

archlinux 2

cloudfoundry 1

ibm 2

amazon 1

debian 3

osv 2

kitploit 1

mageia 3

androidsecurity 1

oracle 1

veracode

Denial Of Service (DoS)

2019-01-15 09:15:29

cvelist

CVE-2017-6074

2017-02-18 21:40:00

openvas

CentOS Update for kernel CESA-2017:0386_01 centos7

2017-03-07 00:00:00

RedHat Update for kernel RHSA-2017:0293-01

2017-03-03 00:00:00

Fedora Update for kernel FEDORA-2017-f519ebb3c4

2017-03-02 00:00:00

zdt

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation Exploit

2017-02-27 00:00:00

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC Exploit

2017-02-27 00:00:00

redhat

(RHSA-2017:0365) Important: kernel security update

2017-03-01 15:21:18

(RHSA-2017:0366) Important: kernel security update

2017-03-01 15:21:27

(RHSA-2017:0324) Important: kernel security update

2017-02-24 15:03:48

nessus

RHEL 7 : kernel (RHSA-2017:0403)

2017-03-03 00:00:00

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0045)

2017-02-27 00:00:00

RancherOS < 1.1.1 Privilege Escalation (Dirty COW)

2019-12-19 00:00:00

exploitpack

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)

2017-02-26 00:00:00

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation

2017-02-26 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2017-02-24 00:00:00

kernel security update

2017-02-22 00:00:00

Unbreakable Enterprise kernel security update

2017-02-24 00:00:00

lenovo

Lenovo StorSelect DX8200C HyperStore Use-after-free in the IPv6 implementation of the DCCP protocol in the Linux kernel - us

2017-06-08 00:00:00

Lenovo StorSelect DX8200C HyperStore Use-after-free in the IPv6 implementation of the DCCP protocol in the Linux kernel - Lenovo Support US

2017-06-08 00:00:00

cve

CVE-2017-6074

2017-02-18 21:59:00

packetstorm

Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Privilege Escalation

2017-02-27 00:00:00

Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Crash

2017-02-27 00:00:00

centos

kernel, perf, python security update

2017-02-23 04:21:38

kernel, perf, python security update

2017-02-23 05:45:33

kernel security update

2017-02-25 15:02:03

ubuntucve

CVE-2017-6074

2017-02-23 00:00:00

K82508682 : Linux kernel vulnerability CVE-2017-6074

2017-03-10 00:00:00

fedora

[SECURITY] Fedora 25 Update: kernel-4.9.12-200.fc25

2017-02-27 22:54:54

[SECURITY] Fedora 24 Update: kernel-4.9.12-100.fc24

2017-02-27 22:51:12

hackerone

Internet Bug Bounty: Linux kernel: CVE-2017-6074: DCCP double-free vulnerability

2018-05-03 22:10:54

seebug

Linux kernel DCCP double-free vulnerability（CVE-2017-6074）

2017-02-23 00:00:00

prion

Double free

2017-02-18 21:59:00

threatpost

Impact of New Linux Kernel DCCP Vulnerability Limited

2017-02-23 11:11:43

myhack58

Snow hidden for 11 years: Linux kernel DCCP double-free privilege escalation Vulnerability, CVE-2017-6074-a vulnerability warning-the black bar safety net

2017-02-23 00:00:00

Lurking in 11 years of Linux kernel to mention the right vulnerability-exposure-vulnerability warning-the black bar safety net

2017-02-23 00:00:00

nvd

CVE-2017-6074

2017-02-18 21:59:00

exploitdb

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation

2017-02-26 00:00:00

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)

2017-02-26 00:00:00

virtuozzo

Important kernel security update: Virtuozzo ReadyKernel patch 14.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)

2017-03-16 00:00:00

Important kernel security update: new kernel 2.6.18-028stab122.1 for Virtuozzo Containers for Linux 4.6

2017-03-15 00:00:00

thn

11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered

2017-02-22 07:08:00

ubuntu

Linux kernel (Trusty HWE) vulnerabilities

2017-02-22 00:00:00

Linux kernel vulnerabilities

2017-02-22 00:00:00

Linux kernel vulnerabilities

2017-02-22 00:00:00

suse

Security update for the Linux Kernel (important)

2017-02-22 21:15:53

Security update for the Linux Kernel (important)

2017-02-22 21:10:07

Security update for the Linux Kernel (important)

2017-05-05 15:11:30

archlinux

[ASA-201702-18] linux-zen: multiple issues

2017-02-22 00:00:00

[ASA-201702-17] linux: multiple issues

2017-02-22 00:00:00

cloudfoundry

USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2017-03-01 00:00:00

ibm

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

2018-06-18 01:37:19

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel

2018-06-16 22:02:07

amazon

Important: kernel

2017-03-06 14:00:00

debian

[SECURITY] [DLA 833-1] linux security update

2017-02-22 19:45:23

[SECURITY] [DSA 3791-1] linux security update

2017-02-22 19:15:13

[SECURITY] [DSA 3791-1] linux security update

2017-02-22 19:15:13

osv

linux - security update

2017-02-22 00:00:00

linux - security update

2017-02-22 00:00:00

kitploit

Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework

2017-11-04 13:30:00

mageia

Updated kernel and kmod packages fixes security vulnerabilities

2017-02-25 11:29:30

Updated kernel-linus fixes security vulnerabilities

2017-02-25 11:29:30

Updated kernel-tmb packages fixes security vulnerabilities

2017-02-25 11:29:30

androidsecurity

Android Security Bulletin—July 2017

2017-07-05 00:00:00

oracle

CPU July 2018

2018-07-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for DEBIANCVE:CVE-2017-6074