
CVE-2017-6074

Published: 18/02/2017 Updated: 10/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 732
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel up to and including 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

Vulnerable Product

linux linux kernel

debian debian linux 8.0

Vendor Advisories

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-6786 / CVE-2016-6787: It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing a local attacker to escalate privileg ...
A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their p ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: kernel-rt security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.11. Type/Severity: Security Advisory: Important. Topic: An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for RHEL-6 and RHEV 3.X Hypervisor and Agents for RHEL-7. Red Hat Product Security has rated t ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a ...
Several security issues were fixed in the kernel ...
A use-after-free vulnerability has been discovered in the DCCP implementation in the Linux kernel. The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state. A local unprivileged user could use this flaw to alter the kernel memory, allowing them ...
The Tenable Appliance has recently been discovered to contain several vulnerabilities. One exists in the underlying operating system kernel, two in the Appliance web interface, and multiple issues in bundled applications. Since the Appliance ships with other Tenable products, please consult the associated advisories linked below for more details ...

Exploits

//
// EDB Note: More information ~ seclists.org/oss-sec/2017/q1/471
//
// A trigger for CVE-2017-6074, crashes kernel
// Tested on 4.4.0-62-generic #83-Ubuntu kernel
// github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074
//
// Andrey Konovalov <andreyknvl@gmail.com>
#define _GNU_SOURCE
#include <netinet/ip.h>
...

//
// EDB Note: More information ~ seclists.org/oss-sec/2017/q1/471
//
// A proof-of-concept local root exploit for CVE-2017-6074
// Includes a semireliable SMAP/SMEP bypass
// Tested on 4.4.0-62-generic #83-Ubuntu kernel
// github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074
//
// Usage:
// $ gcc poc.c -o pwn
// $ ./pwn
// ...

Linux Kernel version 4.4.0 (Ubuntu) DCCP double-free privilege escalation exploit that includes a semi-reliable SMAP/SMEP bypass ...

Linux kernel version 4.4.0 (Ubuntu) DCCP double-free crash denial of service proof of concept exploit ...

Github Repositories

CVE-2017-6074 Bug overview: When the DCCP (Datagram Congestion Control Protocol) implementation is in the listen state, in the function dccp_rcv_state_process(), an skb is freed if dccp_v6_conn_request() returns successfully. However, if IPV6_RECVPKTINFO is used, the address of the skb is

Linux-Kernel-440-Ubuntu---DCCP-Double-Free-Privilege-Escalation-CVE-2017-6074

kernel-exploits
CVE-2016-2384: a double-free in USB MIDI driver
CVE-2016-9793: a signedness issue with SO_SNDBUFFORCE and SO_RCVBUFFORCE socket options
CVE-2017-6074: a double-free in DCCP protocol
CVE-2017-7308: a signedness issue in AF_PACKET sockets

some exploits for kernel linux

kernel-linux-xpls: some exploits for kernel linux. CVE-2017-7308: Include SMEP and KASLR bypass. CVE-2017-6074: Include SMEP bypass and

Vulnerability Report

vlun_report
Vulnerability Report template generator based on CVE number

Usage
$ ./vlun_report -n CVE-2017-6074
# Vulnerability Report for CVE-2017-6074
## CVSS3 for CVE-2017-6074
|KEY|VALUE|
|---|-----|
|CVSS v3 Base Score| 7.8 High|
|Vector| CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|
|Impact Score| 5.9|
|Exploitability Score| 1.8|
|Attack Vector (AV)| Local|
|Attack Com

Linux kernel < 4.10.15 - Race Condition Privilege Escalation

Ecploit-kernel-410-linux-local: Linux kernel < 4.10.15 - Race Condition Privilege Escalation. Linux kernel < 4.10.15, CVE-2017-1000112. This is a proof-of-concept local root exploit for the vulnerability in the UFO Linux kernel implementation, CVE-2017-1000112. Some details: www.openwall.com/lists/oss-security/2017/08/13/1 s/timerfdc Vulnerability Exploit Vulne