CVE-2017-8824

NameCVE-2017-8824
DescriptionThe dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1200-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)wheezy3.2.78-1vulnerable
wheezy (security)3.2.96-2fixed
jessie3.16.51-2vulnerable
jessie (security)3.16.43-2+deb8u5vulnerable
stretch4.9.65-3vulnerable
stretch (security)4.9.30-2+deb9u5vulnerable
buster4.13.13-1vulnerable
sid4.14.2-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)(unfixed)
linuxsourcewheezy3.2.96-1DLA-1200-1

Notes

http://lists.openwall.net/netdev/2017/12/04/224
Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76

Search for package or bug name: Reporting problems