CVE-2017-8890

HIGH

Linux Kernel <4.10.15 - DoS

Title source: llm

Description

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

Exploits (3)

nomisec WORKING POC 36 stars

by thinkycx · poc

https://github.com/thinkycx/CVE-2017-8890

View Code ZIP pw:eip

nomisec WORKING POC 22 stars

by beraphin · poc

https://github.com/beraphin/CVE-2017-8890

View Code ZIP pw:eip

nomisec WORKING POC

by 7043mcgeep · poc

https://github.com/7043mcgeep/cve-2017-8890-msf

View Code ZIP pw:eip

References (9)

[Issue Tracking, Patch, Third Party Advisory] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3886

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98562

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1842

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2077

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2669

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1854

[Issue Tracking, Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a

[Third Party Advisory] https://source.android.com/security/bulletin/2017-09-01

Scores

CVSS v3 7.8

EPSS 0.0057

EPSS Percentile 68.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status draft

Affected Products (3)

linux/linux_kernel < 3.2.89

debian/debian_linux

debian/debian_linux

Timeline

Published May 10, 2017

Tracked Since Feb 18, 2026