CVE-2017-8824
Published: 2017-12-05
Priority: P3 (48) · Severity: high · CVSS 3.1 base score: 7.8
CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: available (see references)
EPSS: 1.35% (68.1th percentile)

The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.

Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.14.7-1 (bookworm) | linux 4.14.7-1 (bookworm) |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 3.13.0-142.191 | 3.13.0-142.191 |
| linux | linux_kernel | >= 0 < 4.4.0-116.140 | 4.4.0-116.140 |
| linux | linux_kernel | >= 2.6.14 < 3.2.97 | 3.2.97 |
| linux | linux_kernel | >= 3.17 < 3.18.95 | 3.18.95 |
| linux | linux_kernel | >= 3.19 < 4.1.50 | 4.1.50 |
| linux | linux_kernel | >= 3.3 < 3.16.52 | 3.16.52 |
| linux | linux_kernel | >= 4.10 < 4.14.20 | 4.14.20 |
| linux | linux_kernel | >= 4.2 < 4.4.116 | 4.4.116 |
| linux | linux_kernel | >= 4.5 < 4.9.82 | 4.9.82 |

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |

Ubuntu: Linux kernel (Raspberry Pi 2) vulnerabilities
Source: vendor_ubuntu · 2018-02-23 · CVSS 7.8 · CVE-2017-15115 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)
ChunYu Wang discovered that a use-after-free vulnerability existed in the
SCTP protocol implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15115)
Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a

Ubuntu: Linux kernel vulnerabilities
Source: vendor_ubuntu · 2018-02-23 · CVSS 7.8 · CVE-2017-0750 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that an out-of-bounds write vulnerability existed in the
Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could
construct a malicious file system that, when mounted, could cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-0750)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacke

Ubuntu: Linux kernel (Trusty HWE) vulnerabilities
Source: vendor_ubuntu · 2018-02-23 · CVSS 7.8 · CVE-2017-0750 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.
It was discovered that an out-of-bounds write vulnerability existed in the
Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could
construct a malicious file system that, when mounted, could cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-0750)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this

Ubuntu: Linux kernel vulnerabilities
Source: vendor_ubuntu · 2018-02-22 · CVSS 7.8 · CVE-2017-15115 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)
ChunYu Wang discovered that a use-after-free vulnerability existed
in the SCTP protocol implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-15115)
Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP
protocol implementation in the Linux kernel. A local attacker could use
this to cause a denial of servic

Ubuntu: Linux kernel (HWE) vulnerabilities
Source: vendor_ubuntu · 2018-02-22 · CVSS 7.8 · CVE-2017-15115 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)
ChunYu Wang discovered that a use-after-free vulnerability existed
in the SCTP protocol implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash)
or possibly exec

Ubuntu: Linux kernel (Xenial HWE) vulnerabilities
Source: vendor_ubuntu · 2018-02-22 · CVSS 5.5 · CVE-2015-8952 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)
Laurent Guerby discovered that the mbcache feature in the ext2 and ext4
filesystems in the Linux kernel improperly handled xattr block caching. A
local attacker could use this to cause a denial of serv

Ubuntu: Linux kernel vulnerabilities
Source: vendor_ubuntu · 2018-02-22 · CVSS 5.5 · CVE-2015-8952 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)
Laurent Guerby discovered that the mbcache feature in the ext2 and ext4
filesystems in the Linux kernel improperly handled xattr block caching. A
local attacker could use this to cause a denial of service. (CVE-2015-8952)
Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel
did not properly track reference counts when merging buffers. A local
attacker could use this to cause a denial of service (memory e

Red Hat: kernel: Use-after-free vulnerability in DCCP socket
Source: vendor_redhat · 2017-12-05 · CVSS 7.8 · CVE-2017-8824 [HIGH] · CWE-416
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to escalate their privileges.
Statement: This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, Red Hat Enterprise MRG 2 and real-time kernels. Future updates for the respective releases may address this issue.
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 for ARM and

Debian: CVE-2017-8824: linux - The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.1...
Source: vendor_debian · 2017 · CVSS 7.8 · CVE-2017-8824 [HIGH]
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
Scope: local
bookworm: resolved (fixed in 4.14.7-1)
bullseye: resolved (fixed in 4.14.7-1)
forky: resolved (fixed in 4.14.7-1)
sid: resolved (fixed in 4.14.7-1)
trixie: resolved (fixed in 4.14.7-1)

GHSA: GHSA-q4r2-vpw8-hwg5: The dccp_disconnect function in net/dccp/proto
Source: ghsa_unreviewed · 2022-05-14 · CVE-2017-8824 [HIGH] · CWE-416
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.

Kernel: dccp: check sk for closed state in dccp_sendmsg()
Source: kernel_security · 2018-03-06 · CVSS 7.8 · CVE-2017-8824 [HIGH]
dccp_disconnect() sets 'dp->dccps_hc_tx_ccid' tx handler to NULL,
therefore if DCCP socket is disconnected and dccp_sendmsg() is
called after it, it will cause a NULL pointer dereference in
dccp_write_xmit().
This crash and the reproducer were reported by syzbot. It looks like
it is reproduced if commit 69c64866ce07 ("dccp: CVE-2017-8824:
use-after-free in DCCP code") is applied.
Reported-by: [email protected]
Signed-off-by: Alexey Kodanev
Signed-off-by: David S. Miller

OSV: linux vulnerabilities
Source: osv · 2018-02-23 · CVSS 7.8 · CVE-2017-0750 [HIGH]
It was discovered that an out-of-bounds write vulnerability existed in the
Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could
construct a malicious file system that, when mounted, could cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-0750)
It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed
passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
could use this to cause a denial of service (system crash) in th

OSV: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Source: osv · 2018-02-22 · CVSS 5.5 · CVE-2017-17712 [MEDIUM]
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)
Laurent Guerby discovered that the mbcache feature in the ext2 and ext4
filesystems in the Linux kernel improperly handled xattr block caching. A
local attacker could use this to cause a denial of service. (CVE-2015-8952)
Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel
did not properly track reference counts when merging buffers. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2017-1219

OSV: linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities
Source: osv · 2018-02-22 · CVSS 7.8 · [HIGH]
USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)
ChunYu Wang discovered that a use-after-free vulnerability existed
in the SCTP protocol implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-15115)
Mohamed G

OSV: linux-lts-xenial, linux-aws vulnerabilities
Source: osv · 2018-02-22 · CVSS 5.5 · [MEDIUM]
USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the
Linux kernel contained a race condition leading to uninitialized pointer
usage. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2017-17712)
Laurent Guerby discovered that the mbcache feature in the ext2 and ext4
filesystems in the Linux kernel improperly handled xattr block caching. A
local attacker could use this to cause a denial of service. (CVE-2015-8952)
Vitaly Mayatskikh discovered that the SCSI subsys

OSV: CVE-2017-8824: The dccp_disconnect function in net/dccp/proto
Source: osv · 2017-12-05 · CVSS 7.8 · CVE-2017-8824 [HIGH]
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.

Kernel: dccp: CVE-2017-8824: use-after-free in DCCP code
Source: kernel_security · 2017-12-05 · CVSS 7.8 · CVE-2017-8824 [HIGH]
Whenever the sock object is in DCCP_CLOSED state,
dccp_disconnect() must free dccps_hc_tx_ccid and
dccps_hc_rx_ccid and set to NULL.
Signed-off-by: Mohamed Ghannam
Reviewed-by: Eric Dumazet
Signed-off-by: David S. Miller

Detection rules: none found.

Bugzilla: CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket [fedora-all]
Source: bugzilla · 2017-12-05 · CVSS 7.8 · CVE-2017-8824 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported version

Bugzilla: CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket
Source: bugzilla · 2017-12-01 · CVSS 7.8 · CVE-2017-8824 [HIGH]
A use-after-free vulnerability was found in DCCP socket code affecting the kernel since at least 2.6.16, potentially allowing an attacker to cause privilege escalation.
References:
http://www.openwall.com/lists/oss-security/2017/12/05/1
http://www.spinics.net/lists/netdev/msg469985.html
http://lists.openwall.net/netdev/2017/12/04/224
An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69c64866ce072dea1d1e59a0d61e0f66c0dffb76
Discussion:
Acknowledgments:
Name: Mohamed Ghannam
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1520764]
---
Statement:
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, Re

References
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
http://lists.openwall.net/netdev/2017/12/04/224
http://www.openwall.com/lists/oss-security/2017/12/05/1
http://www.securityfocus.com/bid/102056
https://access.redhat.com/errata/RHSA-2018:0399
https://access.redhat.com/errata/RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1130
https://access.redhat.com/errata/RHSA-2018:1170
https://access.redhat.com/errata/RHSA-2018:1216
https://access.redhat.com/errata/RHSA-2018:1319
https://access.redhat.com/errata/RHSA-2018:3822
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://usn.ubuntu.com/3581-1/
https://usn.ubuntu.com/3581-2/
https://usn.ubuntu.com/3581-3/
https://usn.ubuntu.com/3582-1/
https://usn.ubuntu.com/3582-2/
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3583-2/
https://www.debian.org/security/2017/dsa-4073
https://www.debian.org/security/2018/dsa-4082
https://www.exploit-db.com/exploits/43234/