CVE-2017-6074: Linux local root exploit
New CVE-2017-6074 Linux local root exploit was published.
CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Mitigation: Recent versions of the SELinux policy can mitigate this flaw. The steps below will work with SELinux enabled or disabled.
As the DCCP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:
# echo "install dccp /bin/true" >> /etc/modprobe.d/disable-dccp.conf
The system will need to be restarted if the DCCP modules are loaded. In most circumstances, the DCCP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.