CVE-2017-8890

HIGH

Linux Kernel < 3.2.89 - Double Free in inet_csk_clone_lock

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-8890. PoCs published by thinkycx, beraphin, 7043mcgeep.

AI-analyzed exploit summary This repository contains a working proof-of-concept exploit for CVE-2017-8890, a double-free vulnerability in the Linux kernel's IP multicast code. The exploit includes multiple variants targeting different kernel versions and architectures, demonstrating privilege escalation to root.

Description

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

Exploits (3)

nomisec WORKING POC 36 stars
by thinkycx · poc
https://github.com/thinkycx/CVE-2017-8890

This repository contains a working proof-of-concept exploit for CVE-2017-8890, a double-free vulnerability in the Linux kernel's IP multicast code. The exploit includes multiple variants targeting different kernel versions and architectures, demonstrating privilege escalation to root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux kernel (versions 4.10.0-19 and 3.10)
No auth needed
Prerequisites: Local access to a vulnerable system · Kernel version 4.10.0-19 or 3.10 · Compilation environment for the target architecture
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 22 stars
by beraphin · poc
https://github.com/beraphin/CVE-2017-8890

This repository contains a proof-of-concept exploit for CVE-2017-8890, a Linux kernel vulnerability involving a use-after-free in the netlink subsystem. The PoC demonstrates the vulnerability by creating and manipulating sockets to trigger the flaw.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel (versions before 4.10.17)
No auth needed
Prerequisites: Linux system with vulnerable kernel · Ability to execute code on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by 7043mcgeep · poc
https://github.com/7043mcgeep/cve-2017-8890-msf

This repository contains a proof-of-concept exploit for CVE-2017-8890, a double-free vulnerability in the Linux kernel's IPv4 multicast handling. The exploit triggers a kernel panic by manipulating socket operations to cause a double-free condition in the `mc_list` object.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel versions up to 4.10.15
No auth needed
Prerequisites: Target machine running a vulnerable Linux kernel version · Ability to execute socket operations on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98562
Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-09-01
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2669
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1854
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2077
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3886
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1842

Scores

CVSS v3 7.8
EPSS 0.0137
EPSS Percentile 68.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-415
Status published
Products (3)
debian/debian_linux 8.0
debian/debian_linux 9.0
linux/linux_kernel < 3.2.89
Published May 10, 2017
Tracked Since Feb 18, 2026