CVE-2017-6074

Source
Severity High
Remote No
Type Privilege escalation
Description
A use-after-free vulnerability has been discovered in the DCCP implementation in the Linux kernel. The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state. A local unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Group Package Affected Fixed Severity Status Ticket
AVG-189 linux-lts 4.4.50-1 4.9.13-1 High Fixed
AVG-186 linux-zen 4.9.8-1 4.9.11-2 High Fixed
AVG-178 linux 4.9.8-1 4.9.11-1 High Fixed
Date Advisory Group Package Severity Description
22 Feb 2017 ASA-201702-18 AVG-186 linux-zen High multiple issues
22 Feb 2017 ASA-201702-17 AVG-178 linux High multiple issues
References
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
https://patchwork.ozlabs.org/patch/728808/