Published: 19/10/2017 Updated: 24/08/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

net/packet/af_packet.c in the Linux kernel prior to 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

Several security issues were fixed in the Linux kernel ...

## Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation AF_PACKET sockets “allow users to send or receive packets on the device driver level This for example lets them to implement their own protocol on top of the phys ...

CWE-362 https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110 https://blogs.securiteam.com/index.php/archives/3484 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6 http://patchwork.ozlabs.org/patch/818726/http://patchwork.ozlabs.org/patch/813945/http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110 http://www.securityfocus.com/bid/101573 https://access.redhat.com/errata/RHSA-2018:0181 https://access.redhat.com/errata/RHSA-2018:0152 https://access.redhat.com/errata/RHSA-2018:0151 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:0181 https://www.exploit-db.com/exploits/44053/https://usn.ubuntu.com/3485-1/

CVE-2017-15649

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect