AOSA-2017-0028: Update Linux Kernel
March 4, 2017
Please update your
linux+kernel to versionf
A security vulnerability was disclosed for the Linux Kernel:
This is an announcement about
CVE-2017-6074  which is a double-free
vulnerability I found in the Linux kernel. It can be exploited to gain
kernel code execution from an unprivileged processes.
The oldest version that was checked is 2.6.18 (Sep 2006), which is vulnerable. However, the bug was introduced before that, probably in the first release with DCCP support (2.6.14, Oct 2005).
The kernel needs to be built with
CONFIG_IP_DCCP for the vulnerability
to be present. A lot of modern distributions enable this option by
And was assigned CVE-2017-6074.