#VU7244 Double free error in Linux kernel


| Updated: 2017-06-30

Vulnerability identifier: #VU7244

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8890

CWE-ID: CWE-415

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a remote attacker to perform a denial of service attack.

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

Mitigation
Install the latest kernel version from vendor's repository.

Vulnerable software versions

Linux kernel: 4.10.0 - 4.10.15

External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f...
http://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE Linux update for Linux Kernel Live Patch 21 for SLE 12 SP1
SUSE Linux update for Linux Kernel Live Patch 20 for SLE 12 SP1
SUSE Linux update for Linux Kernel Live Patch 18 for SLE 12 SP1
SUSE Linux update for Linux Kernel Live Patch 15 for SLE 12 SP1
SUSE Linux update for Linux Kernel Live Patch 14 for SLE 12 SP1
SUSE Linux update for Linux Kernel Live Patch 16 for SLE 12 SP1
SUSE Linux update for Linux Kernel Live Patch 17 for SLE 12 SP1
SUSE Linux update for Linux Kernel Live Patch 6 for SLE 12 SP2
SUSE Linux update for Linux Kernel Live Patch 9 for SLE 12 SP2
SUSE Linux update for Linux Kernel Live Patch 7 for SLE 12 SP2