Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-10661Use After Free in Kernel

CWE-416Use After FreeCWE-362Race Condition12 documents10 sources
Severity
7.0HIGHNVD
EPSS
30.0%
top 3.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Linux KernelDebian LinuxRedhat Enterprise Linux+3 more
Timeline
PublishedAug 19
Latest updateMay 14

Description

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

NVDlinux/linux_kernel3.33.16.47+6
Debianlinux/linux_kernel< 4.9.30-1+3

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.0, 7.4, 7.5

Patches

Patch: git.kernel.orgPatch: github.comPatch: source.android.com

🔴Vulnerability Details

4
GHSA
GHSA-gg87-xrj2-3r8m: Race condition in fs/timerfd2022-05-14
OSV
linux vulnerabilities2017-10-31
CVEList
CVE-2017-10661: Race condition in fs/timerfd2017-08-19
OSV
CVE-2017-10661: Race condition in fs/timerfd2017-08-19

💥Exploits & PoCs

1
Exploit-DB
Linux kernel < 4.10.15 - Race Condition Privilege Escalation2017-12-15

📋Vendor Advisories

5
Ubuntu
Linux kernel vulnerabilities2017-10-31
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2017-10-31
Android
CVE-2017-10661: File system2017-08-01
Red Hat
kernel: Handling of might_cancel queueing is not properly pretected against race2017-02-10
Debian
CVE-2017-10661: linux - Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local u...2017

💬Community

1
Bugzilla
CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly pretected against race2017-08-14
CVE-2017-10661 — Use After Free in Linux Kernel | cvebase