Main Vulnerability Database Exploits ID:6118 - Exploit for NULL pointer dereference in Linux kernel - CVE-2017-11176

ID:6118 - Exploit for NULL pointer dereference in Linux kernel - CVE-2017-11176

Published: June 17, 2021

Vulnerability identifier: #VU16551

Vulnerability risk: Low

CVE-ID: CVE-2017-11176

CWE-ID: CWE-476

Exploitation vector: Remote access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.exploit-db.com/exploits/45553/

Vulnerability description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to the mq_notify function does not set the sock pointer to NULL upon entry into the retry logic. A remote attacker can trigger use-after-free error during a user-space close of a Netlink socket and cause the service to crash.

Remediation

Install update from vendor's website.

ID:6118 - Exploit for NULL pointer dereference in Linux kernel - CVE-2017-11176

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human