Another Linux Kernel Vulnerability Leading To Local Root From Unprivileged Processes

Written by Michael Larabel in Linux Kernel on 22 February 2017 at 11:07 AM EST.
CVE-2017-6074 was made public today as a DCCP double-free vulnerability that could allow for kernel code execution from an unprivileged process.

This local root vulnerability is present in Linux kernel releases going back at least to 2006 but potentially to 2005 when the code was first introduced. It affects kernel builds with CONFIG_IP_DCCP, which is the case for many distribution kernels. Checking my Fedora 25 kernel right now, it's enabled. DCCP in this context is short for the Datagram Congestion Control Protocol.
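
To run the same check on your own systems, the following shell script, an added example and not part of the original article, reports whether a kernel config has CONFIG_IP_DCCP built in, built as a module, or disabled. The function names, the constructed sample config and the list of config file locations are assumptions of this example; the script only reads the build configuration and cannot tell whether a given kernel already carries the fix.

```shell
#!/bin/sh
# Added example (not from the article): report how CONFIG_IP_DCCP is set.

# Print "builtin", "module", "disabled" or "unknown" for a kernel config file.
dccp_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # The trailing "=" keeps CONFIG_IP_DCCP_DEBUG and friends from matching.
    case "$1" in
        *.gz) line=$(gzip -dc "$1" | grep '^CONFIG_IP_DCCP=' | head -n 1) ;;
        *)    line=$(grep '^CONFIG_IP_DCCP=' "$1" | head -n 1) ;;
    esac
    case "$line" in
        CONFIG_IP_DCCP=y) echo builtin ;;
        CONFIG_IP_DCCP=m) echo module ;;
        *)                echo disabled ;;  # "# CONFIG_IP_DCCP is not set" or absent
    esac
}

# Print the first readable config for the running kernel (assumed locations).
find_kernel_config() {
    rel=$(uname -r)
    for f in "/boot/config-$rel" "/lib/modules/$rel/config" /proc/config.gz; do
        if [ -r "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# Human-readable verdict for one state value.
dccp_verdict() {
    case "$1" in
        builtin)  echo "DCCP is built in: affected unless the kernel carries the fix" ;;
        module)   echo "DCCP is a module: affected unless fixed; 'install dccp /bin/false' in /etc/modprobe.d/ blocks loading it" ;;
        disabled) echo "DCCP is not built: this kernel build is not affected" ;;
        *)        echo "kernel config not found: cannot tell" ;;
    esac
}

# Constructed sample config first, then the running kernel.
sample=$(mktemp)
printf '%s\n' '# CONFIG_IP_SCTP is not set' 'CONFIG_IP_DCCP=m' \
    'CONFIG_IP_DCCP_CCID3=y' > "$sample"
echo "sample:  $(dccp_verdict "$(dccp_state "$sample")")"
rm -f "$sample"
cfg=$(find_kernel_config) || cfg=""
echo "running: $(dccp_verdict "$(dccp_state "$cfg")")"
```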

The vulnerability was fixed in Linux Git last week.

More details on this latest Linux vulnerability via seclists.org.