fix a use-after-free in sys_mq_notify() in kernel-mqueue CVE-2017-11176 critical remote

asked 2017-07-18 17:12:20 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-08-10 12:41:19 +0300

lpr gravatar image

The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. high (attack range: remote) CVSS v3 Base Score: 9.8 Critical

Patch is available

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/ipc/mqueue.c lines 1088-1095

edit retag flag offensive close delete