CVE-2017-11176CVE-2017-11176

Affected configuration(s):

cpe:/o:linux:linux_kernel:4.11.9

Date published: 2017-07-11T19:29:00.213-04:00

Date last modified: 2017-12-06T21:29:12.820-05:00

CVSS Score: 10.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f991af3daabaecff34684fd51fac80319d1baad1

Summary: The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.