CVE-2017-6074
- Source
- https://cve.org/CVERecord?id=CVE-2017-6074
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6074.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-6074
- Downstream
- Related
- Published
- 2017-02-18T21:59:00.237Z
- Modified
- 2026-03-12T22:39:29.430681Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6RECVPKTINFO setsockopt system call.
- References
-
- http://rhn.redhat.com/errata/RHSA-2017-0324.html
- http://rhn.redhat.com/errata/RHSA-2017-0346.html
- http://rhn.redhat.com/errata/RHSA-2017-0403.html
- http://www.securityfocus.com/bid/96310
- https://access.redhat.com/errata/RHSA-2017:0932
- https://www.exploit-db.com/exploits/41458/
- https://www.tenable.com/security/tns-2017-07
- http://rhn.redhat.com/errata/RHSA-2017-0293.html
- http://rhn.redhat.com/errata/RHSA-2017-0316.html
- http://rhn.redhat.com/errata/RHSA-2017-0347.html
- http://www.securitytracker.com/id/1037876
- https://www.exploit-db.com/exploits/41457/
- http://rhn.redhat.com/errata/RHSA-2017-0295.html
- http://rhn.redhat.com/errata/RHSA-2017-0323.html
- http://www.debian.org/security/2017/dsa-3791
- https://access.redhat.com/errata/RHSA-2017:1209
- https://source.android.com/security/bulletin/2017-07-01
- http://rhn.redhat.com/errata/RHSA-2017-0294.html
- http://rhn.redhat.com/errata/RHSA-2017-0345.html
- http://rhn.redhat.com/errata/RHSA-2017-0365.html
- http://rhn.redhat.com/errata/RHSA-2017-0366.html
- http://rhn.redhat.com/errata/RHSA-2017-0501.html
- http://www.openwall.com/lists/oss-security/2017/02/22/3
- https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Affected packages
Git /
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6074.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.86"
}
]
},
{
"events": [
{
"introduced": "3.3"
},
{
"fixed": "3.10.106"
}
]
},
{
"events": [
{
"introduced": "3.11"
},
{
"fixed": "3.12.71"
}
]
},
{
"events": [
{
"introduced": "3.13"
},
{
"fixed": "3.16.41"
}
]
},
{
"events": [
{
"introduced": "3.17"
},
{
"fixed": "3.18.49"
}
]
},
{
"events": [
{
"introduced": "3.19"
},
{
"fixed": "4.1.41"
}
]
},
{
"events": [
{
"introduced": "4.2"
},
{
"fixed": "4.4.52"
}
]
},
{
"events": [
{
"introduced": "4.5"
},
{
"fixed": "4.9.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
}
]