CVE-2017-6074
Published: Feb 18, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| RHSA-2017:0323 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2017:0324 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2017:0365 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2017:0347 | vendor-advisory | x_refsource_REDHAT |
| http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | | x_refsource_CONFIRM |
| RHSA-2017:1209 | vendor-advisory | x_refsource_REDHAT |
| [oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root) | mailing-list | x_refsource_MLIST |
| RHSA-2017:0501 | vendor-advisory | x_refsource_REDHAT |
| https://source.android.com/security/bulletin/2017-07-01 | | x_refsource_CONFIRM |
| RHSA-2017:0932 | vendor-advisory | x_refsource_REDHAT |
| 1037876 | vdb-entry | x_refsource_SECTRACK |
| RHSA-2017:0316 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2017:0294 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2017:0295 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2017:0366 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2017:0346 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2017:0403 | vendor-advisory | x_refsource_REDHAT |
| DSA-3791 | vendor-advisory | x_refsource_DEBIAN |
| RHSA-2017:0293 | vendor-advisory | x_refsource_REDHAT |
| https://www.tenable.com/security/tns-2017-07 | | x_refsource_CONFIRM |
| 96310 | vdb-entry | x_refsource_BID |
| 41457 | exploit | x_refsource_EXPLOIT-DB |
| 41458 | exploit | x_refsource_EXPLOIT-DB |
| RHSA-2017:0345 | vendor-advisory | x_refsource_REDHAT |