Main
Vulnerability Database
Exploits
ID:6421 - Exploit for Use-after-free error in Linux kernel - CVE-2017-8824
ID:6421 - Exploit for Use-after-free error in Linux kernel - CVE-2017-8824
Published: June 17, 2021
Vulnerability identifier: #VU9767
Vulnerability risk: Low
CVE-ID: CVE-2017-8824
CWE-ID: CWE-416
Exploitation vector: Local access
Vulnerable software:
Linux kernel
Linux kernel
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.
The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make specially crafted AF_UNSPEC connect system call during the DCCP_LISTEN state, trigger use-after-free error and gain root privileges or cause the system to crash.
The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make specially crafted AF_UNSPEC connect system call during the DCCP_LISTEN state, trigger use-after-free error and gain root privileges or cause the system to crash.
Remediation
Update to version 4.14.3.