Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.
f33f9e8f678adbf7a3a32f53939cff60
Red Hat Security Advisory 2017-1209-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
93672f4ccb6661358bda7b9f2c04ec3f
Several security issues were fixed in the kernel. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.
878ad898ccfcd692664025f15c5ea754
Red Hat Security Advisory 2017-0932-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
48accb75669589d0b6dfb8ef97c3255d
Red Hat Security Advisory 2017-0501-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
cb083dcff4b074f226afea3be3978478
Red Hat Security Advisory 2017-0403-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
2f3e9d7a58b0389a6ca9195ed7af8a2f
Red Hat Security Advisory 2017-0365-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
9a035bc44e07eeb4d06aa1efe1e26924
Red Hat Security Advisory 2017-0366-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
ed25f3c43832317c1d499dcb36623513
Red Hat Security Advisory 2017-0347-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
929e881c463d2f9d37abb573e97382b8
Red Hat Security Advisory 2017-0346-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
7d39c0c36b0586d1ce5ef011185bd5d2
Red Hat Security Advisory 2017-0345-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
ec6613e91d08fe574dea8e85f29b2366
Linux kernel version 4.4.0 (Ubuntu) DCCP double-free crash denial of service proof of concept exploit.
64869a56d09161f6df97f86638c06fe9
Linux Kernel version 4.4.0 (Ubuntu) DCCP double-free privilege escalation exploit that includes a semi-reliable SMAP/SMEP bypass.
4b57202cbe11e092d2eff65de8f63620
Red Hat Security Advisory 2017-0323-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
2a24704c6672fb7196e61384ba5ed279
Red Hat Security Advisory 2017-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
5c393fc0eb236199eb74b03420ac9dfc
Red Hat Security Advisory 2017-0316-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
76902f515abbbd4e3ed5e91fb7b82325
Debian Linux Security Advisory 3791-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
68653b8767a22eadb7cf331b1f8daa59
Red Hat Security Advisory 2017-0293-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
6bd8fe49f9541934a30572a187c12c08
Red Hat Security Advisory 2017-0295-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
c0ce8b01cb2d167b1e4351958bde9ed4
Red Hat Security Advisory 2017-0294-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
bdff5210747499fcf209cc68ee27684f
Ubuntu Security Notice 3208-1 - It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service. Various other issues were also addressed.
dc8e418a9c1c2155f1ee17f0ce6afe42
Ubuntu Security Notice 3209-1 - It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. Various other issues were also addressed.
aed8824b085c2e027cd59eb7f8dfbd85
Ubuntu Security Notice 3208-2 - USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
22e34e868e9aa84186fbd8541141f6a8
Ubuntu Security Notice 3207-2 - USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
c0320da86bd7ef0a80867ccd916fd84f
Ubuntu Security Notice 3207-1 - It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get function in the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
1383749585832daa1cfd70e12cfc5a6c