CVE-2017-6874 - Use After Free vulnerability in Linux Kernel
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary
Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.
Nessus

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2017-0008.NASL
description: An update of [xcerces-c,linux] packages for PhotonOS has been released.
last seen: 2019-02-21
modified: 2019-02-07
plugin id: 111857
published: 2018-08-17
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=111857
title: Photon OS 1.0: Linux PHSA-2017-0008 (deprecated)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-15FBAF2450.NASL
description: The 4.9.17 update contains a number of important fixes across the tree ---- The 4.9.16 update contains a number of important fixes across the tree ---- The 4.9.15 update contains a number of important fixes across the tree ---- The 4.9.14 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-03-30
plugin id: 99051
published: 2017-03-30
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/99051
title: Fedora 24 : kernel (2017-15fbaf2450)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1521.NASL
description: According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.(CVE-2017-7895) - A flaw was found in the Linux kernel
last seen: 2020-03-19
modified: 2019-05-14
plugin id: 124974
published: 2019-05-14
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124974
title: EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1521)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-90AAA5BD24.NASL
description: The 4.10.5 stable kernel update contains a number of important fixes across the tree. ---- The 4.10.4 stable kernel update contains a number of important fixes across the tree. It also reverts CONFIG_CFG80211_CRDA_SUPPORT to match the previous 4.9 kernels. ---- The 4.10.3 kernel rebase contains a number of new features, important fixes, and additional hardware support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-03-28
plugin id: 99010
published: 2017-03-28
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/99010
title: Fedora 25 : kernel (2017-90aaa5bd24)