#VU5869 Resource management error in Linux kernel

Published: 2020-03-18 | Updated: 2020-04-07

Vulnerability identifier: #VU5869

Vulnerability risk: Low


CVE-ID: CVE-2017-6074


Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation


The vulnerability allows a local user to cause kernel panic.

The vulnerability exists due to invalid free in the dccp_rcv_state_process() function in net/dccp/input.c file in the Linux kernel through 4.9.11 when processing DCCP_PKT_REQUEST packet data structures in the LISTEN state. A local user can use userspace application to make an IPV6_RECVPKTINFO setsockopt system call and cause kernel panic.

Successful exploitation of this vulnerability may result in denial of service condition.

Install patch from GIT repository.

Vulnerable software versions

Linux kernel: 4.1.1 - 4.9.11


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability