A flaw was found in the Linux kernel's implementation of the DCCP protocol in which a local user could influence timing so that an skbuff could be used after it had been freed by the kernel. An attacker who is able to craft structures allocated in this free memory will be able to cause memory corruption, privilege escalation or a system crash. An attacker must have local account access on the system; this is not a remote attack. An attack requires IPv6 support to be enabled in the system.

Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
There's no upstream release containing the fix yet.

Fix present in
>=sys-kernel/gentoo-sources-4.9.12
>=sys-kernel/gentoo-sources-4.4.51
also in >=sys-kernel/gentoo-sources-4.1.44
commit 84dd15749e0931a21fcced926b60f054a5ae155a
Author: Justin Lecher <jlec@gentoo.org>
Date: Sat Feb 25 10:45:17 2017 +0000

    sys-kernel/aufs-sources: Bump to latest aufs, genpatches and linux release

    fixes CVE-2017-6074
    drop old

    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=610600
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
    Signed-off-by: Justin Lecher <jlec@gentoo.org>

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84dd15749e0931a21fcced926b60f054a5ae155a
Upstream fix in 4.9.13 http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=171d92a9d915d238e05285ca67faf30f554d7df7
Currently, the only other upstream branch with a fix looks like 4.4.y

$ git tag --contains a95df078e86624ee330e82aad34cfd3b5fcf21ce
v4.4.52

Fixes for other longterm branches (upstream) don't appear to be in-tree yet.

Upstream 4.10.y branch (any/all post-RC versions) contains the original version which is backported by genpatches-4.9-14

$ git tag --contains 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
v4.10
v4.10.1

sys-kernel/ck-sources: CVE-2017-6074 (fixed by genpatches 4.9-14 / linux 4.10)
Fixed in 4.10, 4.9.13
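
One way to check a kernel against the preconditions and fixed versions quoted in this bug, as an added example that is not part of the original report or any Gentoo tool. The function names and the `gentoo`/`upstream` flavor labels are assumptions, the thresholds are the ones the comments above give, and the sample config is constructed.

```shell
#!/bin/sh
# Added example. "gentoo" = sys-kernel/gentoo-sources, "upstream" = kernel.org stable.

# first_fixed FLAVOR MAJOR.MINOR: first fixed patch level per this bug's comments,
# or nothing when the thread names no fixed release for that branch.
first_fixed() {
    case "$1:$2" in
        gentoo:4.9)   echo 12 ;;
        gentoo:4.4)   echo 51 ;;
        gentoo:4.1)   echo 44 ;;
        upstream:4.9) echo 13 ;;
        upstream:4.4) echo 52 ;;
    esac
}

# assess FLAVOR VERSION < kernel-config
# Prints: not-exposed | fixed | vulnerable | unknown
assess() {
    cfg=$(cat)
    # The flaw needs both DCCP and IPv6 built in (=y) or as a module (=m).
    for sym in CONFIG_IPV6 CONFIG_IP_DCCP; do
        printf '%s\n' "$cfg" | grep -Eq "^${sym}=[ym]\$" || { echo not-exposed; return 0; }
    done
    v=${2%%-*}                      # drop suffixes such as -r1 or -gentoo
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    # The original fix is tagged in v4.10, so 4.10 and later carry it.
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 10 ]; }; then
        echo fixed; return 0
    fi
    need=$(first_fixed "$1" "$major.$minor")
    if [ -z "$need" ]; then echo unknown
    elif [ "$patch" -ge "$need" ]; then echo fixed
    else echo vulnerable
    fi
}

# Constructed .config excerpt used as sample input.
sample_config() {
    printf '%s\n' 'CONFIG_IPV6=y' 'CONFIG_IP_DCCP=m' '# CONFIG_IP_SCTP is not set'
}

sample_config | assess gentoo 4.9.11
sample_config | assess upstream 4.4.52
```

On a live system the config can come from `/usr/src/linux/.config`, or from `/proc/config.gz` when the kernel was built with `CONFIG_IKCONFIG_PROC`.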