Race condition vulnerability in Linux kernel/ucount.c leading to denial of service and potential system crash

CVE-2017-6874 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.