CVE-2017-6353

Severity CVSS v4.0:
Pending analysis
Type:
CWE-415 Double Free
Publication date:
01/03/2017
Last modified:
17/06/2026

Description

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including)