The mq_notify function in the Linux kernel up to and including 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows malicious users to cause a denial of service (use-after-free) or possibly have unspecified other impact.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |