Vulnerability Details CVE-2017-6874
Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.0%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88
- http://www.securityfocus.com/bid/96856
- https://github.com/torvalds/linux/commit/040757f738e13caaa9c5078bca79aa97e11dde88
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88
- http://www.securityfocus.com/bid/96856
- https://github.com/torvalds/linux/commit/040757f738e13caaa9c5078bca79aa97e11dde88
Products affected by CVE-2017-6874
-
cpe:2.3:o:linux:linux_kernel:4.10
-
cpe:2.3:o:linux:linux_kernel:4.10.1
-
cpe:2.3:o:linux:linux_kernel:4.10.2
-
cpe:2.3:o:linux:linux_kernel:4.10.3
-
cpe:2.3:o:linux:linux_kernel:4.9
-
cpe:2.3:o:linux:linux_kernel:4.9.0
-
cpe:2.3:o:linux:linux_kernel:4.9.1
-
cpe:2.3:o:linux:linux_kernel:4.9.10
-
cpe:2.3:o:linux:linux_kernel:4.9.11
-
cpe:2.3:o:linux:linux_kernel:4.9.12
-
cpe:2.3:o:linux:linux_kernel:4.9.13
-
cpe:2.3:o:linux:linux_kernel:4.9.14
-
cpe:2.3:o:linux:linux_kernel:4.9.15
-
cpe:2.3:o:linux:linux_kernel:4.9.2
-
cpe:2.3:o:linux:linux_kernel:4.9.3
-
cpe:2.3:o:linux:linux_kernel:4.9.4
-
cpe:2.3:o:linux:linux_kernel:4.9.5
-
cpe:2.3:o:linux:linux_kernel:4.9.6
-
cpe:2.3:o:linux:linux_kernel:4.9.7
-
cpe:2.3:o:linux:linux_kernel:4.9.8
-
cpe:2.3:o:linux:linux_kernel:4.9.9