edit-icon download-icon

[Vulnerability notice] CVE-2017-6074: Linux kernel DCCP double-free elevation of privilege vulnerability

Last Updated: Mar 19, 2018

On February 22, 2017, security researcher Andrey Konovalov found a vulnerability in the Linux kernel in the Datagram Congestion Control Protocol (DCCP) when using Syzkaller fuzzing. This vulnerability can go undetected for more than 10 years.

The vulnerability dates back to 2005 and affects the main releases of Linux operating systems, including Red Hat, Debian, OpenSUSE, and Ubuntu. It allows an attacker to run code in the kernel from an unprivileged process. It affects all Linux kernels since 2.6.18 (released on September 2006), though it may have been first introduced as early as October 2005 (when 2.6.14 was released) when DCCP support was provided.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-6074

Vulnerability name

Linux kernel DCCP double-free elevation of privilege vulnerability

Vulnerability rating

High

Vulnerability description

This vulnerability allows an attacker to gain elevation of privilege by running code in the kernel from an unprivileged process.

Condition and method of exploitation

This vulnerability can be exploited locally to run code.

Affected scope

Linux kernels later than 2.6.18

Vulnerability detection

None

How to fix or mitigate

We recommend that you follow up the update source information and upgrade to the latest kernel version in a timely manner.

Note: Back up snapshots before the upgrade.

Reference

[1]. Debian: https://security-tracker.debian.org/tracker/CVE-2017-6074
[2]. Redhat: https://rhn.redhat.com/errata/RHSA-2017-0295.html
[3]. Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6074.html
[4]. SUSE: https://www.suse.com/security/cve/CVE-2017-6074/
[5]. http://www.openwall.com/lists/oss-security/2017/02/22/3
[6]. https://zh.wikipedia.org/wiki/%E6%95%B0%E6%8D%AE%E6%8B%A5%E5%A1%9E%E6%8E%A7%E5%88%B6%E5%8D%8F%E8%AE%AE
[7]. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6074
[8]. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
[9]. https://www.kernel.org/doc/Documentation/networking/dccp.txt
[10]. http://www.read.cs.ucla.edu/dccp/

Thank you! We've received your feedback.