CVE-2017-11176
Good to know:
Date: July 11, 2017
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
Language: C
Severity Score
Weakness Type (CWE)
Use After Free
CWE-416
Top Fix
Upgrade Version
Upgrade to version v4.13-rc1, v3.16.47, v3.18.61, v3.2.92, v4.1.43, v4.11.11, v4.12.2, v4.4.77, v4.9.38
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | LOCAL |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | COMPLETE |
Integrity (I): | COMPLETE |
Availability (A): | COMPLETE |