Public bug reported: CVE-2017-6074 was made public today as a DCCP double-free vulnerability that could allow for kernel code execution from an unprivileged process.
This local root vulnerability is present in Linux kernel releases going back at least to 2006 but potentially to 2005 when the code was first introduced. It affects kernel builds with CONFIG_IP_DCCP. Fixed upstream https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 ** Affects: linux (Ubuntu) Importance: Undecided Status: Confirmed ** Tags: precise xenial yakkety zesty ** Changed in: linux (Ubuntu) Status: New => Confirmed ** Information type changed from Private Security to Public ** Tags added: precise xenial yakkety zesty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1667046 Title: CVE-2017-6074 DCCP vulnerability Status in linux package in Ubuntu: Confirmed Bug description: CVE-2017-6074 was made public today as a DCCP double-free vulnerability that could allow for kernel code execution from an unprivileged process. This local root vulnerability is present in Linux kernel releases going back at least to 2006 but potentially to 2005 when the code was first introduced. It affects kernel builds with CONFIG_IP_DCCP. Fixed upstream https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1667046/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
