<= Back

AOSA-2017-0028: Update Linux Kernel

Please update your linux+kernel to versionf 69.

A security vulnerability was disclosed for the Linux Kernel:

This is an announcement about CVE-2017-6074 [1] which is a double-free vulnerability I found in the Linux kernel. It can be exploited to gain kernel code execution from an unprivileged processes.

The oldest version that was checked is 2.6.18 (Sep 2006), which is vulnerable. However, the bug was introduced before that, probably in the first release with DCCP support (2.6.14, Oct 2005).

The kernel needs to be built with CONFIG_IP_DCCP for the vulnerability to be present. A lot of modern distributions enable this option by default.

And was assigned CVE-2017-6074.

Relevant documentation: