Vulnerability Details : CVE-2017-11176
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
Vulnerability category: Memory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2017-11176
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 33 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-11176
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-11176
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11176
-
https://access.redhat.com/errata/RHSA-2018:3822
RHSA-2018:3822 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2930
RHSA-2017:2930 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.exploit-db.com/exploits/45553/
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege EscalationThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2017/dsa-3927
Debian -- Security Information -- DSA-3927-1 linuxThird Party Advisory
-
http://www.debian.org/security/2017/dsa-3945
Debian -- Security Information -- DSA-3945-1 linuxThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:0169
RHSA-2018:0169 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f991af3daabaecff34684fd51fac80319d1baad1
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/99919
Linux kernel CVE-2017-11176 Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:2918
RHSA-2017:2918 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Security fixes in StruxureWare Data Center Expert v7.6.0 - User assistance for StruxureWare Data Center Expert 7.x - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and NetBotzThird Party Advisory
-
https://github.com/torvalds/linux/commit/f991af3daabaecff34684fd51fac80319d1baad1
mqueue: fix a use-after-free in sys_mq_notify() · torvalds/linux@f991af3 · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2931
RHSA-2017:2931 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Products affected by CVE-2017-11176
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*