Linux kernel CVE-2017-7487 : ‘net/ipx/af_ipx.c’ Use After Free Local Denial of Service Vulnerability

by CIRT Team

Description:  The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.

Impact: An attacker can exploit this issue to cause a local denial-of-service condition.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7487
• http://www.securityfocus.com/bid/98439/info
• https://bugzilla.redhat.com/show_bug.cgi?id=1447734
• https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts