A privilege-escalation flaw has been found in the Linux kernel that can be traced back all the way to 2005, when DCCP support was first merged. The vulnerability affects every major distribution that ships the DCCP module, including Ubuntu, Debian, openSUSE, and Red Hat. Tracked as CVE-2017-6074, it was identified by security researcher Andrey Konovalov using syzkaller, Google's coverage-guided kernel fuzzer.
The bug is in how the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation frees the socket buffer (SKB) of a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option has been set on the socket. With that option set, the IPv6 connection-request path keeps a reference to the request SKB (it is stored on the request socket as pktopts and its reference count is raised), yet the receive state machine still frees the same buffer unconditionally with __kfree_skb(), which ignores the reference count. The fix, merged into mainline in February 2017, replaces that unconditional free with consume_skb(), so the buffer is only released once the last reference is dropped.
The result is a double-free in DCCP that lets an unprivileged local user corrupt kernel memory. At minimum this crashes the kernel, i.e. a denial of service; with more work it can be turned into full administrative (root) access.
Concretely, an attacker can use kernel heap-spraying techniques to reclaim the freed object and overwrite its contents with arbitrary data. If the overwritten object contains function pointers that the kernel later calls, the attacker gets arbitrary code execution in kernel context.
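To make the lifecycle described above concrete, here is an added userspace model of the bug and its fix. It is illustrative code written for this article, not the kernel's code and not Konovalov's proof of concept: a one-slot "slab" and a counter stand in for the allocator and for KASAN reports, and the function names (skb->users, ireq->pktopts, __kfree_skb(), consume_skb()) are borrowed from the kernel only to keep the mapping obvious. The reuse_slot parameter simulates what a heap spray does: another allocation grabs the slot between the two releases, and the late release then tears down that unrelated live object.

```c
#include <stdio.h>
#include <string.h>

/* Added model of the CVE-2017-6074 object lifecycle; not kernel code. */

enum { SLOT_FREE = 0, SLOT_IN_USE = 1 };

struct skb {
    int state;   /* allocator's view of the slab slot (one-slot model) */
    int users;   /* reference count, like skb->users */
};

struct request_sock {
    struct skb *pktopts;   /* saved request skb, like ireq->pktopts */
};

static struct skb slab[1];      /* one-slot slab: enough to see reuse */
static int kasan_reports;       /* stands in for KASAN error reports */

static struct skb *alloc_skb(void)
{
    struct skb *skb = &slab[0];
    if (skb->state == SLOT_IN_USE)
        return NULL;             /* slot busy: the model has one object */
    skb->state = SLOT_IN_USE;
    skb->users = 1;
    return skb;
}

/* Any access to a freed slot is a use-after-free: report it. */
static int live(const struct skb *skb)
{
    if (skb->state == SLOT_FREE) {
        kasan_reports++;
        return 0;
    }
    return 1;
}

/* Return the slot to the slab; freeing a free slot is a double free. */
static void slab_free(struct skb *skb)
{
    if (!live(skb))
        return;
    skb->state = SLOT_FREE;
}

/* __kfree_skb(): frees unconditionally, skb->users is not consulted. */
static void __kfree_skb(struct skb *skb)
{
    slab_free(skb);
}

/* consume_skb()/kfree_skb(): drop one reference, free only at zero. */
static void consume_skb(struct skb *skb)
{
    if (!live(skb))
        return;
    if (--skb->users == 0)
        slab_free(skb);
}

/* dccp_v6_conn_request() in miniature: with IPV6_RECVPKTINFO set, the
 * request skb is parked on the request sock and its refcount bumped. */
static int conn_request(struct request_sock *ireq, struct skb *skb, int recvpktinfo)
{
    if (recvpktinfo) {
        ireq->pktopts = skb;
        skb->users++;
    }
    return 0;
}

/* DCCP_PKT_REQUEST branch of the receive state machine: the original code
 * freed the skb unconditionally; the fix drops a reference instead. */
static void rcv_state_process(struct request_sock *ireq, struct skb *skb,
                              int recvpktinfo, int fixed)
{
    if (conn_request(ireq, skb, recvpktinfo) < 0)
        return;
    if (fixed)
        consume_skb(skb);
    else
        __kfree_skb(skb);
}

/* Request-sock teardown releases the saved pktopts reference. */
static void reqsk_free(struct request_sock *ireq)
{
    if (ireq->pktopts) {
        consume_skb(ireq->pktopts);
        ireq->pktopts = NULL;
    }
}

/* Drive one request through the model; returns the number of KASAN-style
 * reports (0 means every object was freed exactly once, while live). */
int run_scenario(int recvpktinfo, int fixed, int reuse_slot)
{
    struct request_sock ireq = { NULL };
    struct skb *skb, *other = NULL;

    memset(slab, 0, sizeof slab);
    kasan_reports = 0;

    skb = alloc_skb();
    rcv_state_process(&ireq, skb, recvpktinfo, fixed);
    if (reuse_slot)
        other = alloc_skb();         /* NULL unless the slot was freed early */
    reqsk_free(&ireq);
    if (other)
        consume_skb(other);          /* its real owner releases it */
    return kasan_reports;
}

int main(void)
{
    printf("vulnerable, RECVPKTINFO off:             %d report(s)\n", run_scenario(0, 0, 0));
    printf("vulnerable, RECVPKTINFO on:              %d report(s)\n", run_scenario(1, 0, 0));
    printf("vulnerable, RECVPKTINFO on, slot reused: %d report(s)\n", run_scenario(1, 0, 1));
    printf("fixed, RECVPKTINFO on:                   %d report(s)\n", run_scenario(1, 1, 0));
    return 0;
}
```

Without IPV6_RECVPKTINFO the unconditional free is harmless because nobody else holds the buffer. With the option set, the request socket's later release touches memory that was already returned to the slab, and if an attacker-controlled allocation has reused that slot in between, the release frees the attacker's live object out from under its owner. That is the use-after-free the heap-spraying step in the text builds on.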
DCCP is a message-oriented transport-layer protocol that keeps per-packet header overhead and end-node processing to a minimum. It provides establishment, maintenance, and teardown of an unreliable flow of packets, together with congestion control for that flow. It is worth stressing that this vulnerability does not let an attacker break into a system from the outside: it is not a remote code execution flaw, so exploiting it requires an existing local account on the target. Note, however, that a system does not have to be "using" DCCP to be exposed. On most distributions the dccp module is loaded automatically the first time any local process creates a DCCP socket, so the usual stop-gap until the patched kernel is installed is to prevent that by adding the line install dccp /bin/true to a file under /etc/modprobe.d/ and confirming with lsmod that the module is not already loaded.
Just a couple of months earlier, a similar and even older vulnerability was discovered in the Linux kernel: CVE-2016-8655, which can be traced back to 2011. It allows a local attacker to gain root privileges by winning a race condition in af_packet, the kernel's implementation of AF_PACKET raw sockets. The good news is that both flaws already have patches. Distribution users should simply install the next kernel update; those who build their own kernels can apply the upstream fix and rebuild.