CVE-2017-15649

HIGH

Linux Kernel < 4.13.6 - Use-After-Free via Packet Fanout Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15649. PoCs published by SecuriTeam.

AI-analyzed exploit summary This is a working proof-of-concept exploit for CVE-2017-15649, a use-after-free vulnerability in the Linux Kernel's AF_PACKET implementation. The exploit triggers a race condition between fanout_add and bind operations, leading to a kernel crash or potential privilege escalation.

Description

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.

Exploits (1)

exploitdb WORKING POC

by SecuriTeam · doslinux

https://www.exploit-db.com/exploits/44053

View Code ZIP pw:eip

This is a working proof-of-concept exploit for CVE-2017-15649, a use-after-free vulnerability in the Linux Kernel's AF_PACKET implementation. The exploit triggers a race condition between fanout_add and bind operations, leading to a kernel crash or potential privilege escalation.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Linux Kernel (versions prior to 4.14-rc2)

No auth needed

Prerequisites: Kernel with AF_PACKET support · KASAN enabled for crash reporting

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Third Party Advisory x_refsource_misc

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110

Third Party Advisory x_refsource_misc

https://blogs.securiteam.com/index.php/archives/3484

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101573

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0181

Issue Tracking, Third Party Advisory x_refsource_misc

http://patchwork.ozlabs.org/patch/813945/

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3754-1/

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0152

Third Party Advisory x_refsource_misc

http://patchwork.ozlabs.org/patch/818726/

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0151

Third Party Advisory x_refsource_misc

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e

Patch, Third Party Advisory x_refsource_misc

https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e

View Patch ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6

Patch, Third Party Advisory x_refsource_misc

https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110

View Patch ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0097

EPSS Percentile 57.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (1)

linux/linux_kernel < 4.13.5

Published Oct 19, 2017

Tracked Since Feb 18, 2026