Ubuntu
linux package

CVE-2017-6074 DCCP vulnerability

Bug #1667046 reported by dino99 on 2017-02-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

CVE-2017-6074 was made public today as a DCCP double-free vulnerability that could allow for kernel code execution from an unprivileged process.

This local root vulnerability is present in Linux kernel releases going back at least to 2006 but potentially to 2005 when the code was first introduced. It affects kernel builds with CONFIG_IP_DCCP.

Fixed upstream
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4

Tags:

CVE References

2017-6074

dino99 (9d9) on 2017-02-22

Changed in linux (Ubuntu):
status:	New → Confirmed
information type:	Private Security → Public
tags:	added: precise xenial yakkety zesty

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2017-02-22:

We published updates for the issue already:

https://www.ubuntu.com/usn/

Changed in linux (Ubuntu):
status:	Confirmed → Fix Released

Revision history for this message

Rohit (deathsphinx) wrote on 2017-02-22:

Hey,

Does this affects the new version of kernel as well.
Or is it restricted to the 2.6 versions.

Revision history for this message

dino99 (9d9) wrote on 2017-02-22:

http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6074.html

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

CVE-2017-6074 DCCP vulnerability

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package