CVE-2017-8890

Public on 2017-06-22
Modified on 2017-06-22
Description
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
Severity
Medium
CVSS v3 Base Score
6.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2017-06-22 19:10 ALAS-2017-846

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
NVD CVSSv2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H