Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2017-11176

Description

The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.

POC

Reference

- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

- https://www.exploit-db.com/exploits/45553/

Github

- https://github.com/0xor0ne/awesome-list

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Al1ex/LinuxEelvation

- https://github.com/CERTCC/Linux-Kernel-Analysis-Environment

- https://github.com/DoubleMice/cve-2017-11176

- https://github.com/Flerov/WindowsExploitDev

- https://github.com/Gobinath-B/Exploit-Developement

- https://github.com/HaxorSecInfec/autoroot.sh

- https://github.com/HckEX/CVE-2017-11176

- https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation

- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2

- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits

- https://github.com/Lexterl33t/Exploit-Kernel

- https://github.com/Norido/kernel

- https://github.com/Sama-Ayman-Mokhtar/CVE-2017-11176

- https://github.com/Yanoro/CVE-2017-11176

- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits

- https://github.com/ahpaleus/ahp_cheatsheet

- https://github.com/anoaghost/Localroot_Compile

- https://github.com/bachkhoasoft/awesome-list-ks

- https://github.com/bsauce/kernel-exploit-factory

- https://github.com/bsauce/kernel-security-learning

- https://github.com/c3r34lk1ll3r/CVE-2017-11176

- https://github.com/c3r34lk1ll3r/CVE-2017-5123

- https://github.com/cranelab/exploit-development

- https://github.com/gladiopeace/awesome-stars

- https://github.com/hckex/CVE-2017-11176

- https://github.com/jopraveen/exploit-development

- https://github.com/kdn111/linux-kernel-exploitation

- https://github.com/khanhdn111/linux-kernel-exploitation

- https://github.com/khanhdz-06/linux-kernel-exploitation

- https://github.com/khanhdz191/linux-kernel-exploitation

- https://github.com/khanhhdz/linux-kernel-exploitation

- https://github.com/khanhhdz06/linux-kernel-exploitation

- https://github.com/khanhnd123/linux-kernel-exploitation

- https://github.com/khnhdz/linux-kernel-exploitation

- https://github.com/klecko/exploits

- https://github.com/knd06/linux-kernel-exploitation

- https://github.com/leonardo1101/cve-2017-11176

- https://github.com/lexfo/cve-2017-11176

- https://github.com/ndk06/linux-kernel-exploitation

- https://github.com/ndk191/linux-kernel-exploitation

- https://github.com/ostrichxyz7/kexps

- https://github.com/paulveillard/cybersecurity-exploit-development

- https://github.com/pjlantz/optee-qemu

- https://github.com/prince-stark/Exploit-Developement

- https://github.com/ssr-111/linux-kernel-exploitation

- https://github.com/vlain1337/auto-lpe

- https://github.com/wkhnh06/linux-kernel-exploitation

- https://github.com/xairy/linux-kernel-exploitation