CVE-2017-6074

Impact:
Important
Public Date:
2017-02-22
CWE:
CWE-416
Bugzilla:
1423071: CVE-2017-6074 kernel: use after free in dccp protocol
A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

Find out more about CVE-2017-6074 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels.

As this issue is rated as Important, it has been scheduled to be fixed in a future version of Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels.

CVSS v3 metrics

CVSS3 Base Score 7.8
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Extended Update Support 6.7 (kernel) RHSA-2017:0316 2017-02-23
Red Hat Enterprise Linux 5 (kernel) RHSA-2017:0323 2017-02-24
Red Hat Enterprise Linux Long Life (v. 5.6 server) (kernel) RHSA-2017:0347 2017-02-28
Red Hat Enterprise Linux Advanced Update Support 6.5 (kernel) RHSA-2017:0366 2017-03-01
Red Hat Enterprise Linux Advanced Update Support 6.4 (kernel) RHSA-2017:0345 2017-02-28
RHEV Hypervisor for RHEL-6 (rhev-hypervisor7) RHSA-2017:1209 2017-05-09
Red Hat Enterprise Linux Long Life (v. 5.9 server) (kernel) RHSA-2017:0346 2017-02-28
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2017:0295 2017-02-22
Management Agent for RHEL 7 Hosts (rhev-hypervisor7) RHSA-2017:1209 2017-05-09
MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2017:0932 2017-04-12
Red Hat Enterprise Linux Extended Update Support 7.1 (kernel) RHSA-2017:0403 2017-03-02
Red Hat Enterprise Linux 6 (kernel) RHSA-2017:0293 2017-02-22
Red Hat Enterprise Linux Advanced Update Support 6.2 (kernel) RHSA-2017:0365 2017-03-01
Red Hat Enterprise Linux Extended Update Support 7.2 (kernel) RHSA-2017:0501 2017-03-14
Red Hat Enterprise Linux Advanced Update Support 6.6 (kernel) RHSA-2017:0324 2017-02-24
Red Hat Enterprise Linux Server TUS (v. 6.5) (kernel) RHSA-2017:0366 2017-03-01
Red Hat Enterprise Linux 7 (kernel) RHSA-2017:0294 2017-02-22
Red Hat Enterprise Linux Server TUS (v. 6.6) (kernel) RHSA-2017:0324 2017-02-24

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Affected
RHEV-M for Servers distribution Affected
RHEV-M 4.0 distribution Affected

Acknowledgements

Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.

Mitigation

Recent versions of the SELinux policy can mitigate this flaw. The steps below will work with SELinux enabled or disabled. As the DCCP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: # echo "install dccp /bin/true" >> /etc/modprobe.d/disable-dccp.conf The system will need to be restarted if the DCCP modules are loaded. In most circumstances, the DCCP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

External References

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.