Double free

2017-05-1016:29:00

PRIOn knowledge base

www.prio-n.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

30.4%

JSON

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq9.0
linux_kernellt3.2.89
linux_kernelge3.3
linux_kernellt3.10.106
linux_kernelge3.19
linux_kernellt4.1.42
linux_kernelge3.11
linux_kernellt3.16.44
linux_kernelge3.17

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	9.0
linux_kernel	lt	3.2.89
linux_kernel	ge	3.3
linux_kernel	lt	3.10.106
linux_kernel	ge	3.19
linux_kernel	lt	4.1.42
linux_kernel	ge	3.11
linux_kernel	lt	3.16.44
linux_kernel	ge	3.17