Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceUBUNTU-CVE-2017-18509

UBUNTU-CVE-2017-18509

HIGH7.8

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop gen

Published Aug 13, 2019

Modified 7 months ago

Fix available

Details

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.

Affected Packages(158 packages)

linux

Ubuntu 18.04 LTS

Fixed in:

4.13.0-16.19

linux

Ubuntu 25.04

Fixed in:

6.11.0-8.8

linux

Ubuntu 24.04 LTS

Fixed in:

6.5.0-9.9

linux

Ubuntu Pro 14.04 LTS

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+170 more

linux

Ubuntu 16.04 LTS

Affected versions:

4.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-10.254.4.0-101.124+88 more

Fixed in:

4.4.0-165.193

linux

Ubuntu 22.04 LTS

Fixed in:

5.13.0-19.19

linux

Ubuntu 20.04 LTS

Affected versions:

5.3.0-18.195.3.0-24.26

Fixed in:

5.4.0-9.12

linux-aws

Ubuntu 24.04 LTS

Fixed in:

6.5.0-1008.8

linux-aws

Ubuntu 25.04

Fixed in:

6.11.0-1004.4

linux-aws

Ubuntu 20.04 LTS

Affected versions:

5.3.0-1003.35.3.0-1008.95.3.0-1009.105.3.0-1010.11

Fixed in:

5.4.0-1005.5

References

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745

https://git.kernel.org/linus/99253eb750fda6a644d5188fb26c43bad8d5a745

https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745

https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html

https://lists.openwall.net/netdev/2017/12/04/40

https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf

https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32

https://ubuntu.com/security/CVE-2017-18509

https://ubuntu.com/security/notices/USN-4145-1

https://www.cve.org/CVERecord?id=CVE-2017-18509

https://www.debian.org/security/2019/dsa-4497

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Upstream

Related

Ecosystems(28)

Ubuntu 18.04 LTS Ubuntu 25.04 Ubuntu 24.04 LTS Ubuntu Pro 14.04 LTS Ubuntu 16.04 LTS

Timeline

PublishedAug 13, 2019

ModifiedJul 15, 2025

UBUNTU-CVE-2017-18509 | Mondoo Vulnerability Intelligence