Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-6074 |
CWE-ID | CWE-399 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
kernel-rt (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Enterprise Linux for Real Time Operating systems & Components / Operating system Red Hat Enterprise Linux for Real Time for NFV Operating systems & Components / Operating system |
Vendor |
Red Hat Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU5869
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-6074
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to cause kernel panic.
The vulnerability exists due to invalid free in the dccp_rcv_state_process() function in net/dccp/input.c file in the Linux kernel through 4.9.11 when processing DCCP_PKT_REQUEST packet data structures in the LISTEN state. A local user can use userspace application to make an IPV6_RECVPKTINFO setsockopt system call and cause kernel panic.
Successful exploitation of this vulnerability may result in denial of service condition.
Install updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-514.6.1.rt56.429.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
http://access.redhat.com/errata/RHSA-2017:0295
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?