Main Vulnerability Database Exploits ID:1049 - Exploit for Resource management error in Linux kernel - CVE-2017-6074

ID:1049 - Exploit for Resource management error in Linux kernel - CVE-2017-6074

Published: March 18, 2020

Vulnerability identifier: #VU5869

Vulnerability risk: Low

CVE-ID: CVE-2017-6074

CWE-ID: CWE-399

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.exploit-db.com/exploits/41458/

Vulnerability description

The vulnerability allows a local user to cause kernel panic.

The vulnerability exists due to invalid free in the dccp_rcv_state_process() function in net/dccp/input.c file in the Linux kernel through 4.9.11 when processing DCCP_PKT_REQUEST packet data structures in the LISTEN state. A local user can use userspace application to make an IPV6_RECVPKTINFO setsockopt system call and cause kernel panic.

Successful exploitation of this vulnerability may result in denial of service condition.

Remediation

Install patch from GIT repository.

ID:1049 - Exploit for Resource management error in Linux kernel - CVE-2017-6074

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human