fix a use-after-free in sys_mq_notify() in kernel-mqueue CVE-2017-11176 critical remote

asked 2017-07-18 17:12:20 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-08-24 09:25:52 +0300

lpr gravatar image

The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. high (attack range: remote) CVSS v3 Base Score: 9.8 Critical

Patch is available

file affected: kernel-adaptation-sbj-3.4.108.20161101.1/ipc/mqueue.c lines 1088-1095

edit retag flag offensive close delete

Comments

@jovirkku this should have a "tracked by jolla" label

lpr ( 2017-09-19 09:45:09 +0300 )edit