National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2017-6074 Detail

Current Description

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

Source:  MITRE      Last Modified:  02/22/2017      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2017-6074
Original release date:
02/18/2017
Last revised:
01/04/2018
Source:
US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score:
7.8 High
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (legend)
Impact Score:
5.9
Exploitability Score:
1.8
CVSS Version 3 Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.2 HIGH
Vector:
(AV:L/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore:
10.0
Exploitability Subscore:
3.9
CVSS Version 2 Metrics:
Access Vector:
Locally exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://rhn.redhat.com/errata/RHSA-2017-0293.html External Source REDHAT RHSA-2017:0293
http://rhn.redhat.com/errata/RHSA-2017-0294.html External Source REDHAT RHSA-2017:0294
http://rhn.redhat.com/errata/RHSA-2017-0295.html External Source REDHAT RHSA-2017:0295
http://rhn.redhat.com/errata/RHSA-2017-0316.html External Source REDHAT RHSA-2017:0316
http://rhn.redhat.com/errata/RHSA-2017-0323.html External Source REDHAT RHSA-2017:0323
http://rhn.redhat.com/errata/RHSA-2017-0324.html External Source REDHAT RHSA-2017:0324
http://rhn.redhat.com/errata/RHSA-2017-0345.html External Source REDHAT RHSA-2017:0345
http://rhn.redhat.com/errata/RHSA-2017-0346.html External Source REDHAT RHSA-2017:0346
http://rhn.redhat.com/errata/RHSA-2017-0347.html External Source REDHAT RHSA-2017:0347
http://rhn.redhat.com/errata/RHSA-2017-0365.html External Source REDHAT RHSA-2017:0365
http://rhn.redhat.com/errata/RHSA-2017-0366.html External Source REDHAT RHSA-2017:0366
http://rhn.redhat.com/errata/RHSA-2017-0403.html External Source REDHAT RHSA-2017:0403
http://rhn.redhat.com/errata/RHSA-2017-0501.html External Source REDHAT RHSA-2017:0501
http://www.debian.org/security/2017/dsa-3791 External Source DEBIAN DSA-3791
http://www.openwall.com/lists/oss-security/2017/02/22/3 Mailing List; Third Party Advisory External Source MLIST [oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)
http://www.securityfocus.com/bid/96310 Third Party Advisory; VDB Entry External Source BID 96310
http://www.securitytracker.com/id/1037876 External Source SECTRACK 1037876
https://access.redhat.com/errata/RHSA-2017:0932 External Source REDHAT RHSA-2017:0932
https://access.redhat.com/errata/RHSA-2017:1209 External Source REDHAT RHSA-2017:1209
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Issue Tracking; Patch; Third Party Advisory External Source CONFIRM https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
https://source.android.com/security/bulletin/2017-07-01 External Source CONFIRM https://source.android.com/security/bulletin/2017-07-01
https://www.exploit-db.com/exploits/41457/ External Source EXPLOIT-DB 41457
https://www.exploit-db.com/exploits/41458/ External Source EXPLOIT-DB 41458
https://www.tenable.com/security/tns-2017-07 External Source CONFIRM https://www.tenable.com/security/tns-2017-07

Technical Details

Vulnerability Type (View All)

Change History 10 change records found - show changes