CVE-2017-11176
Published 2017-07-11
Priority P342 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS 3.63% (88.1th percentile)
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.11.11-1 (bookworm) | linux 4.11.11-1 (bookworm) |
| linux | linux_kernel | < 3.2.92 | 3.2.92 |
| linux | linux_kernel | >= 0 < 4.11.11-1 | 4.11.11-1 |
| linux | linux_kernel | >= 0 < 4.11.11-1 | 4.11.11-1 |
| linux | linux_kernel | >= 0 < 4.11.11-1 | 4.11.11-1 |
| linux | linux_kernel | >= 0 < 4.11.11-1 | 4.11.11-1 |
| linux | linux_kernel | >= 0 < 3.13.0-135.184 | 3.13.0-135.184 |
| linux | linux_kernel | >= 0 < 4.4.0-93.116 | 4.4.0-93.116 |
| linux | linux_kernel | >= 3.17 < 3.18.61 | 3.18.61 |
| linux | linux_kernel | >= 3.19 < 4.1.43 | 4.1.43 |
| linux | linux_kernel | >= 3.3 < 3.16.47 | 3.16.47 |
| linux | linux_kernel | >= 4.10 < 4.11.11 | 4.11.11 |
| linux | linux_kernel | >= 4.12 < 4.12.2 | 4.12.2 |
| linux | linux_kernel | >= 4.2 < 4.4.77 | 4.4.77 |
| linux | linux_kernel | >= 4.5 < 4.9.38 | 4.9.38 |
CVSS provenance
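| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |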
GHSA
GHSA-h5wm-hc9w-hp9m: The mq_notify function in the Linux kernel through 4
ghsa_unreviewed·2022-05-14
CVE-2017-11176 [HIGH] CWE-416 GHSA-h5wm-hc9w-hp9m: The mq_notify function in the Linux kernel through 4
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
OSV
linux vulnerabilities
osv·2017-10-31·CVSS 7.8
CVE-2016-8632 [HIGH] linux vulnerabilities
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
Dmitry Vyukov discovered that a race condition existed in the timerfd
subsystem of the Linux kernel when handling might_cancel queuing. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10661)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary co
OSV
linux-gcp vulnerabilities
osv·2017-10-31·CVSS 5.5
CVE-2017-1000252 [MEDIUM] linux-gcp vulnerabilities
It was discovered that the KVM subsystem in the Linux kernel did not
properly bound guest IRQs. A local attacker in a guest VM could use this to
cause a denial of service (host system crash). (CVE-2017-1000252)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)
Anthony Perard discovered that the Xen virtual block driver did not
properly initialize some data structures before passing them to user space.
A local attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2017-10911)
It was disc
OSV
linux-hwe vulnerabilities
osv·2017-10-31·CVSS 5.5
CVE-2017-1000252 [MEDIUM] linux-hwe vulnerabilities
USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.
It was discovered that the KVM subsystem in the Linux kernel did not
properly bound guest IRQs. A local attacker in a guest VM could use this to
cause a denial of service (host system crash). (CVE-2017-1000252)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)
Anthony Perard discovered that the Xen virtual block driver did not
properly initi
OSV
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
osv·2017-08-28·CVSS 5.5
CVE-2017-11176 [MEDIUM] linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a use-after-free vulnerability existed in the POSIX
message queue implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-11176)
Huang Weller discovered that the ext4 filesystem implementation in the
Linux kernel mishandled a needs-flushing-before-commit list. A local
attacker could use this to expose sensitive information. (CVE-2017-7495)
It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)
It was discovered t
OSV
linux-lts-xenial vulnerabilities
osv·2017-08-28·CVSS 5.5
CVE-2017-11176 [MEDIUM] linux-lts-xenial vulnerabilities
USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that a use-after-free vulnerability existed in the POSIX
message queue implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-11176)
Huang Weller discovered that the ext4 filesystem implementation in the
Linux kernel mishandled a needs-flushing-before-commit list. A local
attacker could use this to expose sensitive information. (CVE-2017-7495)
It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN drive
OSV
CVE-2017-11176: The mq_notify function in the Linux kernel through 4
osv·2017-07-11·CVSS 7.8
CVE-2017-11176 [HIGH] CVE-2017-11176: The mq_notify function in the Linux kernel through 4
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2017-10-31·CVSS 5.5
CVE-2017-1000252 [MEDIUM] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.
It was discovered that the KVM subsystem in the Linux kernel did not
properly bound guest IRQs. A local attacker in a guest VM could use this to
cause a denial of service (host system crash). (CVE-2017-1000252)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-10-31·CVSS 5.5
CVE-2017-1000252 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the KVM subsystem in the Linux kernel did not
properly bound guest IRQs. A local attacker in a guest VM could use this to
cause a denial of service (host system crash). (CVE-2017-1000252)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)
Anthony Perard discovered that the Xen virtual block driver did not
properly initialize some data structures before passing them to user space.
A local attacker in a guest VM could use this to expose sensitive
in
Ubuntu
Linux kernel (GCP) vulnerabilities
vendor_ubuntu·2017-10-31·CVSS 5.5
CVE-2017-1000252 [MEDIUM] Linux kernel (GCP) vulnerabilities
Title: Linux kernel (GCP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the KVM subsystem in the Linux kernel did not
properly bound guest IRQs. A local attacker in a guest VM could use this to
cause a denial of service (host system crash). (CVE-2017-1000252)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)
Anthony Perard discovered that the Xen virtual block driver did not
properly initialize some data structures before passing them to user space.
A local attacker in a guest VM could use this to expose sensit
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-10-31·CVSS 7.8
CVE-2016-8632 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
Dmitry Vyukov discovered that a race condition existed in the timerfd
subsystem of the Linux kernel when handling might_cancel queuing. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10661)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use t
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2017-10-31·CVSS 7.8
CVE-2016-8632 [HIGH] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
Dmitry Vyukov discovered that a race condition existed in the timerfd
subsystem of the Linux kernel when handling might_cancel queuing. A local
attacker could use this to cause a denial of service (system crash
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2017-08-28·CVSS 5.5
CVE-2015-7837 [MEDIUM] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that a use-after-free vulnerability existed in the POSIX
message queue implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-11176)
Huang Weller discovered that the ext4 filesystem implementation in the
Linux kernel mishandled a needs-flushing-before-commit list. A local
attacker could use this to expose sensitive information. (CVE-2017-7495)
I
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-08-28·CVSS 5.5
CVE-2015-7837 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a use-after-free vulnerability existed in the POSIX
message queue implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-11176)
Huang Weller discovered that the ext4 filesystem implementation in the
Linux kernel mishandled a needs-flushing-before-commit list. A local
attacker could use this to expose sensitive information. (CVE-2017-7495)
It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-
Red Hat
kernel: Use-after-free in sys_mq_notify()
vendor_redhat·2017-07-09·CVSS 7.8
CVE-2017-11176 [HIGH] CWE-416 kernel: Use-after-free in sys_mq_notify()
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system.
Statement: This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.
Package: kernel-alt
Debian
CVE-2017-11176: linux - The mq_notify function in the Linux kernel through 4.11.9 does not set the sock ...
vendor_debian·2017·CVSS 7.8
CVE-2017-11176 [HIGH] CVE-2017-11176: linux - The mq_notify function in the Linux kernel through 4.11.9 does not set the sock ...
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
Scope: local
bookworm: resolved (fixed in 4.11.11-1)
bullseye: resolved (fixed in 4.11.11-1)
forky: resolved (fixed in 4.11.11-1)
sid: resolved (fixed in 4.11.11-1)
trixie: resolved (fixed in 4.11.11-1)
No detection rules found.
Bugzilla
CVE-2017-11176 kernel: Use-after-free in sys_mq_notify()
bugzilla·2017-07-13·CVSS 7.8
CVE-2017-11176 [HIGH] CVE-2017-11176 kernel: Use-after-free in sys_mq_notify()
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use after free), which may lead to memory corruption or other unspecified impact.
Upstream patch:
https://github.com/torvalds/linux/commit/f991af3daabaecff34684fd51fac80319d1baad1
Mitre advisory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11176
What is use after free: https://access.redhat.com/use-after-free-flaw-type
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1470660]
---
kernel-4.11.11-200.fc25 has b
Bugzilla
CVE-2017-11176 kernel: Use-after-free in sys_mq_notify() [fedora-all]
bugzilla·2017-07-13·CVSS 7.8
CVE-2017-11176 [HIGH] CVE-2017-11176 kernel: Use-after-free in sys_mq_notify() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedo
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f991af3daabaecff34684fd51fac80319d1baad1
http://www.debian.org/security/2017/dsa-3927
http://www.debian.org/security/2017/dsa-3945
http://www.securityfocus.com/bid/99919
https://access.redhat.com/errata/RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2018:0169
https://access.redhat.com/errata/RHSA-2018:3822
https://github.com/torvalds/linux/commit/f991af3daabaecff34684fd51fac80319d1baad1
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://www.exploit-db.com/exploits/45553/
Published: 2017-07-11