7.8
HIGH
CVE-2017-11176
Linux Netlink Socket Use-After-Free Denial of Service Vulnerability
Description

The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.

INFO

Published Date :

July 11, 2017, 11:29 p.m.

Last Modified :

Jan. 17, 2023, 9:01 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2017-11176 has a 30 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2017-11176 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 2 | Products : 2
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-11176.

URL Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f991af3daabaecff34684fd51fac80319d1baad1 Issue Tracking Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3927 Third Party Advisory
http://www.debian.org/security/2017/dsa-3945 Third Party Advisory
http://www.securityfocus.com/bid/99919 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2918 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2930 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2931 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0169 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3822 Third Party Advisory
https://github.com/torvalds/linux/commit/f991af3daabaecff34684fd51fac80319d1baad1 Issue Tracking Patch Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 Third Party Advisory
https://www.exploit-db.com/exploits/45553/ Third Party Advisory VDB Entry

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
a-roshbaik/Linux-Privilege-Escalation-Exploits

None

C Shell Python Assembly Ruby Makefile Meson

Updated: 2 months ago
0 stars 0 fork 0 watcher
Born at : July 20, 2024, 8:34 p.m. This repo has been linked 91 different CVEs too.
Profile Photo
HaxorSecInfec/autoroot.sh

Auto Root / Privilege Escalation Exploit

autoroot privilege privilege-escalation root

Shell

Updated: 1 month ago
2 stars 1 fork 1 watcher
Born at : June 11, 2024, 9:57 p.m. This repo has been linked 85 different CVEs too.
Profile Photo
IdanBanani/Linux-Kernel-VR-Exploitation

Linux & Android Kernel Vulnerability research and exploitation

exploitation kernel-bypass kernel-exploitation kernel-security linux linux-kernel-hacking pwn vulnerability-research lpe privilege-escalation privilege-escalation-exploits

Updated: 2 weeks, 3 days ago
26 stars 4 fork 4 watcher
Born at : Sept. 28, 2023, 3:15 p.m. This repo has been linked 19 different CVEs too.
Profile Photo
ostrichxyz7/kexps

None

Makefile C

Updated: 6 months, 4 weeks ago
2 stars 1 fork 1 watcher
Born at : July 22, 2023, 3:11 a.m. This repo has been linked 18 different CVEs too.
Profile Photo
JlSakuya/Linux-Privilege-Escalation-Exploits

Linux privilege escalation exploits collection.

C Shell Python Assembly Ruby Makefile Meson

Updated: 2 weeks, 3 days ago
88 stars 13 fork 13 watcher
Born at : April 26, 2023, 2:58 p.m. This repo has been linked 91 different CVEs too.
Profile Photo
ndk06/linux-kernel-exploitation

None

Updated: 3 weeks, 6 days ago
6 stars 0 fork 0 watcher
Born at : Feb. 25, 2023, 10:40 a.m. This repo has been linked 178 different CVEs too.
Profile Photo
Sama-Ayman-Mokhtar/CVE-2017-11176

mq_notify: double sock_put()

C

Updated: 1 year, 9 months ago
0 stars 0 fork 0 watcher
Born at : July 5, 2022, 7:13 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
Gobinath-B/Exploit-Developement

Binary Exploitation

Python

Updated: 2 years, 3 months ago
0 stars 0 fork 0 watcher
Born at : May 29, 2022, 3:43 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
paulveillard/cybersecurity-exploit-development

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Exploit Development.

code-execution developer developer-experience developer-tools development development-tools exploit exploitation exploitation-framework exploitation-frameworks exploitation-menu vulnerability-detection

Updated: 3 months ago
15 stars 5 fork 5 watcher
Born at : April 17, 2022, 11:20 p.m. This repo has been linked 23 different CVEs too.
Profile Photo
pjlantz/optee-qemu

Environment with vulnerable kernel for exploitation of the TEE driver (CVE-2021-44733)

Updated: 5 months ago
74 stars 12 fork 12 watcher
Born at : Dec. 23, 2021, 5:45 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
CERTCC/Linux-Kernel-Analysis-Environment

Container-based environment for debugging and analyzing Linux kernels using QEMU and GDB

Dockerfile Shell

Updated: 1 month, 1 week ago
5 stars 2 fork 2 watcher
Born at : Nov. 4, 2021, 5:17 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
gladiopeace/awesome-stars

A curated list of my GitHub stars!

Updated: 3 years, 1 month ago
0 stars 0 fork 0 watcher
Born at : Aug. 4, 2021, 2:46 p.m. This repo has been linked 4 different CVEs too.
Profile Photo
Lexterl33t/Exploit-Kernel

Linux kernel buffer overflow exploit exemple

C

Updated: 2 years, 7 months ago
0 stars 0 fork 0 watcher
Born at : July 30, 2021, 2:32 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
jopraveen/exploit-development

Gonna share my writeups and resources here

Python

Updated: 1 month, 3 weeks ago
57 stars 14 fork 14 watcher
Born at : April 13, 2021, 5:01 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
Al1ex/LinuxEelvation

Linux Eelvation(持续更新)

cve-2021-3156 cve-2019-7304 cve-2019-13272 cve-2018-18955 cve-2018-1000001 cve-2018-17182 cve-2017-1000367 cve-2017-1000112 cve-2017-16995 cve-2017-16939 linux-kernel elevation cve-2021-4034 cve-2022-0847

C Shell Python Ruby Makefile HTML

Updated: 3 weeks, 2 days ago
390 stars 92 fork 92 watcher
Born at : March 30, 2021, 7:09 a.m. This repo has been linked 72 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-11176 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2017-11176 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Modified Analysis by [email protected]

    Jan. 17, 2023

    Action Type Old Value New Value
    Removed CVSS V3 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://access.redhat.com/errata/RHSA-2018:3822 No Types Assigned https://access.redhat.com/errata/RHSA-2018:3822 Third Party Advisory
    Changed Reference Type https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 No Types Assigned https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 Third Party Advisory
    Changed Reference Type https://www.exploit-db.com/exploits/45553/ No Types Assigned https://www.exploit-db.com/exploits/45553/ Third Party Advisory, VDB Entry
    Changed CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (including) 4.11.9 OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 3.2.92 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.3 up to (excluding) 3.16.47 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.17 up to (excluding) 3.18.61 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.19 up to (excluding) 4.1.43 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.2 up to (excluding) 4.4.77 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.5 up to (excluding) 4.9.38 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.11.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.12 up to (excluding) 4.12.2
  • CVE Modified by [email protected]

    Dec. 13, 2018

    Action Type Old Value New Value
    Added Reference https://access.redhat.com/errata/RHSA-2018:3822 [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 30, 2018

    Action Type Old Value New Value
    Added Reference https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 09, 2018

    Action Type Old Value New Value
    Added Reference https://www.exploit-db.com/exploits/45553/ [No Types Assigned]
  • Modified Analysis by [email protected]

    Aug. 30, 2018

    Action Type Old Value New Value
    Changed CVSS V2 (AV:N/AC:L/Au:N/C:C/I:C/A:C) (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Changed CVSS V3 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://access.redhat.com/errata/RHSA-2017:2931 No Types Assigned https://access.redhat.com/errata/RHSA-2017:2931 Third Party Advisory
    Changed Reference Type https://access.redhat.com/errata/RHSA-2017:2930 No Types Assigned https://access.redhat.com/errata/RHSA-2017:2930 Third Party Advisory
    Changed Reference Type http://www.securityfocus.com/bid/99919 No Types Assigned http://www.securityfocus.com/bid/99919 Third Party Advisory, VDB Entry
    Changed Reference Type http://www.debian.org/security/2017/dsa-3945 No Types Assigned http://www.debian.org/security/2017/dsa-3945 Third Party Advisory
    Changed Reference Type https://access.redhat.com/errata/RHSA-2018:0169 No Types Assigned https://access.redhat.com/errata/RHSA-2018:0169 Third Party Advisory
    Changed Reference Type https://access.redhat.com/errata/RHSA-2017:2918 No Types Assigned https://access.redhat.com/errata/RHSA-2017:2918 Third Party Advisory
    Changed Reference Type http://www.debian.org/security/2017/dsa-3927 No Types Assigned http://www.debian.org/security/2017/dsa-3927 Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Jan. 27, 2018

    Action Type Old Value New Value
    Added Reference https://access.redhat.com/errata/RHSA-2018:0169 [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 07, 2017

    Action Type Old Value New Value
    Added Reference https://access.redhat.com/errata/RHSA-2017:2931 [No Types Assigned]
    Added Reference https://access.redhat.com/errata/RHSA-2017:2930 [No Types Assigned]
    Added Reference https://access.redhat.com/errata/RHSA-2017:2918 [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 04, 2017

    Action Type Old Value New Value
    Added Reference http://www.debian.org/security/2017/dsa-3945 [No Types Assigned]
    Added Reference http://www.debian.org/security/2017/dsa-3927 [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 08, 2017

    Action Type Old Value New Value
    Added Reference http://www.securityfocus.com/bid/99919 [No Types Assigned]
  • Initial Analysis by [email protected]

    Jul. 14, 2017

    Action Type Old Value New Value
    Added CVSS V2 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f991af3daabaecff34684fd51fac80319d1baad1 No Types Assigned http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f991af3daabaecff34684fd51fac80319d1baad1 Issue Tracking, Patch, Third Party Advisory
    Changed Reference Type https://github.com/torvalds/linux/commit/f991af3daabaecff34684fd51fac80319d1baad1 No Types Assigned https://github.com/torvalds/linux/commit/f991af3daabaecff34684fd51fac80319d1baad1 Issue Tracking, Patch, Third Party Advisory
    Added CWE CWE-416
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:4.11.9:*:*:*:*:*:*:* (and previous)
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2017-11176 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2017-11176 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.08 }} -0.02%

score

0.32142

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: