CVE-2017-8824

HIGH

Linux Kernel < 3.2.97 - Use After Free

Title source: rule

Description

The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mohamed Ghannam · cdoslinux

https://www.exploit-db.com/exploits/43234

View Code ZIP pw:eip

github WORKING POC 3 stars

by TamiiLambrado · cpoc

https://github.com/TamiiLambrado/CVE-pocs/tree/master/CVE-2017-8824-dccp-uaf.c

View Code ZIP pw:eip

References (24)

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

[Third Party Advisory] http://lists.openwall.net/netdev/2017/12/04/224

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/12/05/1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102056

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:0399

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:0676

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1062

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1130

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1170

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1216

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1319

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:3822

[Third Party Advisory] https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

[Third Party Advisory] https://usn.ubuntu.com/3581-1/

[Third Party Advisory] https://usn.ubuntu.com/3581-2/

[Third Party Advisory] https://usn.ubuntu.com/3581-3/

[Third Party Advisory] https://usn.ubuntu.com/3582-1/

[Third Party Advisory] https://usn.ubuntu.com/3582-2/

[Third Party Advisory] https://usn.ubuntu.com/3583-1/

... and 4 more

Scores

CVSS v3 7.8

EPSS 0.0085

EPSS Percentile 75.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (2)

linux/linux_kernel 2.6.14 - 3.2.97

n/a/Linux kernel through 4.14.3 Linux kernel through 4.14.3

Published Dec 05, 2017

Tracked Since Feb 18, 2026