Linux kernel CVE-2017-11176 : mq_notify function Denial of Service Vulnerability

by CIRT Team

Description:  The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.

Impact: An attacker can exploit this issue to cause denial-of-service condition.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11176
• https://security-tracker.debian.org/tracker/CVE-2017-11176
• https://access.redhat.com/security/cve/cve-2017-11176
• https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11176.html

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts