use-after-free in DCCP code in kernel-net-dccp CVE-2017-8824
Tracked by Jolla
(Rejected)
asked 2018-01-16 09:55:50 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
Patch is available. (Score: 7.8high / local)
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/dccp/proto.c lines 252-256; 271-276