CVE-2017-8824

HIGH

Linux kernel through 4.14.3 - Use-After-Free in DCCP Disconnect Handler

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-8824. PoCs published by Mohamed Ghannam, TamiiLambrado.

AI-analyzed exploit summary This PoC exploits a use-after-free vulnerability in the Linux DCCP socket implementation (CVE-2017-8824) to achieve kernel code execution. It manipulates socket states and triggers a UAF condition to gain control over RIP.

Description

The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mohamed Ghannam · cdoslinux

https://www.exploit-db.com/exploits/43234

View Code ZIP pw:eip

This PoC exploits a use-after-free vulnerability in the Linux DCCP socket implementation (CVE-2017-8824) to achieve kernel code execution. It manipulates socket states and triggers a UAF condition to gain control over RIP.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Linux Kernel (tested on 4.10.5)

No auth needed

Prerequisites: Linux system with DCCP socket support · Unprivileged user access

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github WORKING POC 3 stars

by TamiiLambrado · cpoc

https://github.com/TamiiLambrado/CVE-pocs/tree/master/CVE-2017-8824-dccp-uaf.c

View Code ZIP pw:eip

This PoC exploits a use-after-free (UAF) vulnerability in the Linux kernel's DCCP implementation (CVE-2017-8824) by manipulating socket states and triggering improper cleanup of CCID TX/RX objects. The exploit demonstrates RIP control via memory corruption, targeting kernels from v2.6.16 to 4.14.3.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux Kernel (v2.6.16 to 4.14.3)

No auth needed

Prerequisites: Linux system with vulnerable kernel · ability to create DCCP sockets

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (24)

Core 24

Core References

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4082

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3583-2/

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3582-1/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1062

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1319

Third Party Advisory x_refsource_confirm

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3583-1/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0676

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1216

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43234/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102056

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3581-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3581-3/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1170

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3581-2/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1130

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0399

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2017/dsa-4073

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3822

Third Party Advisory x_refsource_misc

http://lists.openwall.net/netdev/2017/12/04/224

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3582-2/

Mailing List, Third Party Advisory x_refsource_misc

http://www.openwall.com/lists/oss-security/2017/12/05/1

Scores

CVSS v3 7.8

EPSS 0.0085

EPSS Percentile 75.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (2)

linux/linux_kernel 2.6.14 - 3.2.97

n/a/Linux kernel through 4.14.3 Linux kernel through 4.14.3

Published Dec 05, 2017

Tracked Since Feb 18, 2026