CVE-2017-6346

Impact:
Moderate
Public Date:
2017-02-14
CWE:
CWE-362
Bugzilla:
1428487: CVE-2017-6346 kernel: net: Race condition in net/packet/af_packet.c
Race condition in net/packet/af_packet.c in the Linux kernel allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.

Find out more about CVE-2017-6346 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code which can trigger the flaw is not present in the products listed.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.2
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Will not fix
Red Hat Enterprise Linux 7 kernel-rt Will not fix
Red Hat Enterprise Linux 7 kernel Will not fix
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected
Last Modified