CVE Vulnerabilities

CVE-2017-6074

Double Free

Published: Feb 18, 2017 | Modified: Apr 20, 2025
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
7.8 IMPORTANT
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
HIGH

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 3.2.86 (excluding)
Linux_kernel Linux 3.3 (including) 3.10.106 (excluding)
Linux_kernel Linux 3.11 (including) 3.12.71 (excluding)
Linux_kernel Linux 3.13 (including) 3.16.41 (excluding)
Linux_kernel Linux 3.17 (including) 3.18.49 (excluding)
Linux_kernel Linux 3.19 (including) 4.1.41 (excluding)
Linux_kernel Linux 4.2 (including) 4.4.52 (excluding)
Linux_kernel Linux 4.5 (including) 4.9.13 (excluding)
Red Hat Enterprise Linux 5 RedHat kernel-0:2.6.18-419.el5 *
Red Hat Enterprise Linux 5.6 Long Life RedHat kernel-0:2.6.18-238.58.1.el5 *
Red Hat Enterprise Linux 5.9 Long Life RedHat kernel-0:2.6.18-348.33.1.el5 *
Red Hat Enterprise Linux 6 RedHat kernel-0:2.6.32-642.13.2.el6 *
Red Hat Enterprise Linux 6.2 Advanced Update Support RedHat kernel-0:2.6.32-220.70.1.el6 *
Red Hat Enterprise Linux 6.4 Advanced Update Support RedHat kernel-0:2.6.32-358.77.1.el6 *
Red Hat Enterprise Linux 6.5 Advanced Update Support RedHat kernel-0:2.6.32-431.78.1.el6 *
Red Hat Enterprise Linux 6.5 Telco Extended Update Support RedHat kernel-0:2.6.32-431.78.1.el6 *
Red Hat Enterprise Linux 6.6 Advanced Update Support RedHat kernel-0:2.6.32-504.57.1.el6 *
Red Hat Enterprise Linux 6.6 Telco Extended Update Support RedHat kernel-0:2.6.32-504.57.1.el6 *
Red Hat Enterprise Linux 6.7 Extended Update Support RedHat kernel-0:2.6.32-573.40.1.el6 *
Red Hat Enterprise Linux 7 RedHat kernel-rt-0:3.10.0-514.6.1.rt56.430.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-0:3.10.0-514.6.2.el7 *
Red Hat Enterprise Linux 7.1 Extended Update Support RedHat kernel-0:3.10.0-229.49.1.el7 *
Red Hat Enterprise Linux 7.2 Extended Update Support RedHat kernel-0:3.10.0-327.49.2.el7 *
Red Hat Enterprise MRG 2 RedHat kernel-rt-1:3.10.0-514.rt56.219.el6rt *
RHEV 3.X Hypervisor and Agents for RHEL-6 RedHat rhev-hypervisor7-0:7.3-20170425.0.el6ev *
RHEV 3.X Hypervisor and Agents for RHEL-7 RedHat rhev-hypervisor7-0:7.3-20170425.0.el7ev *
Linux Ubuntu esm-infra-legacy/trusty *
Linux Ubuntu esm-infra/xenial *
Linux Ubuntu precise *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu upstream *
Linux Ubuntu vivid/ubuntu-core *
Linux Ubuntu xenial *
Linux Ubuntu yakkety *
Linux-armadaxp Ubuntu precise *
Linux-armadaxp Ubuntu upstream *
Linux-aws Ubuntu esm-infra/xenial *
Linux-aws Ubuntu upstream *
Linux-aws Ubuntu xenial *
Linux-azure Ubuntu upstream *
Linux-azure-edge Ubuntu upstream *
Linux-euclid Ubuntu upstream *
Linux-euclid Ubuntu xenial *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu upstream *
Linux-flo Ubuntu vivid/stable-phone-overlay *
Linux-flo Ubuntu xenial *
Linux-flo Ubuntu yakkety *
Linux-gcp Ubuntu upstream *
Linux-gke Ubuntu upstream *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu upstream *
Linux-goldfish Ubuntu xenial *
Linux-goldfish Ubuntu yakkety *
Linux-goldfish Ubuntu zesty *
Linux-grouper Ubuntu trusty *
Linux-grouper Ubuntu upstream *
Linux-hwe Ubuntu esm-infra/xenial *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-kvm Ubuntu upstream *
Linux-linaro-omap Ubuntu precise *
Linux-linaro-omap Ubuntu upstream *
Linux-linaro-shared Ubuntu precise *
Linux-linaro-shared Ubuntu upstream *
Linux-linaro-vexpress Ubuntu precise *
Linux-linaro-vexpress Ubuntu upstream *
Linux-lts-quantal Ubuntu precise *
Linux-lts-quantal Ubuntu precise/esm *
Linux-lts-quantal Ubuntu upstream *
Linux-lts-raring Ubuntu precise *
Linux-lts-raring Ubuntu precise/esm *
Linux-lts-raring Ubuntu upstream *
Linux-lts-saucy Ubuntu precise *
Linux-lts-saucy Ubuntu precise/esm *
Linux-lts-saucy Ubuntu upstream *
Linux-lts-trusty Ubuntu precise *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-utopic Ubuntu upstream *
Linux-lts-vivid Ubuntu trusty *
Linux-lts-vivid Ubuntu upstream *
Linux-lts-wily Ubuntu trusty *
Linux-lts-wily Ubuntu upstream *
Linux-lts-xenial Ubuntu esm-infra-legacy/trusty *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-lts-xenial Ubuntu upstream *
Linux-maguro Ubuntu trusty *
Linux-maguro Ubuntu upstream *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu upstream *
Linux-mako Ubuntu vivid/stable-phone-overlay *
Linux-mako Ubuntu xenial *
Linux-mako Ubuntu yakkety *
Linux-manta Ubuntu trusty *
Linux-manta Ubuntu upstream *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-qcm-msm Ubuntu precise *
Linux-qcm-msm Ubuntu upstream *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu vivid/ubuntu-core *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2 Ubuntu yakkety *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-snapdragon Ubuntu yakkety *
Linux-ti-omap4 Ubuntu precise *
Linux-ti-omap4 Ubuntu upstream *

Potential Mitigations

References