Jump to content

CVE-2017-6074: DCCP double-free vulnerability (local root)


Recommended Posts

Posted (edited)

For anyone stumbling accross CVE-2017-6074 and thinking about whether Armbian installations are affected or not: we're most probably not since CONFIG_IP_DCCP is enabled as module only on some kernels:

root@armbian:/var/git/Armbian/lib/config/kernel # grep 'CONFIG_IP_DCCP=' *
linux-cubox-default.config:CONFIG_IP_DCCP=m
linux-cubox-dev.config:CONFIG_IP_DCCP=m
linux-mvebu-default.config:CONFIG_IP_DCCP=m
linux-mvebu-next.config:CONFIG_IP_DCCP=m
linux-sun8i-dev.config:CONFIG_IP_DCCP=m
linux-sunxi-dev.config:CONFIG_IP_DCCP=m
linux-sunxi-next.config:CONFIG_IP_DCCP=m
root@armbian:/var/git/Armbian/lib/config/kernel #

Details about this local root exploit: http://seclists.org/oss-sec/2017/q1/471

Edited by tkaiser
Searched in the wrong location in the first place
Posted

Main repository was updated - all kernels were fixed and updated to latest versions.

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines