Linux Kernel: DCCP Double Free, Local Root (CVE-2017-6074)

Graham Christensen
Feb 23, 2017, 10:02:46 PM
to nix-securi...@googlegroups.com
Hello,

Recently, a kernel double-free vulnerability was reported by Andrey
Konovalov in the DCCP functionality of the Linux kernel. All kernels
compiled with CONFIG_IP_DCCP enabled (compiled in or as a module) are
vulnerable. If the module is not loaded, the kernel will load it on
first use.


VULNERABILITY STATUS
--------------------
NixOS's default configuration compiles kernels with CONFIG_IP_DCCP set
to m (built as a module), so we are vulnerable.


MITIGATION
----------
Until we are able to release patches, users can mitigate the issue by
applying the following configuration and running `nixos-rebuild
switch`:

    boot.extraModProbeConfig = ''
      install dccp /run/current-system/sw/bin/false
    '';

If your kernel has already loaded the dccp module, you will need to
reboot. To check whether it is loaded:

    lsmod | grep dccp

However, if you don't use dccp and your kernel has loaded the module,
you should investigate the situation.


RELEASE SCHEDULE
----------------
We are currently working to release patches and updates to NixOS 16.09
and Unstable. I hope to have patches being tested for release within the
next few hours.


MORE
----
For more details, visit: http://seclists.org/oss-sec/2017/q1/471,
reply to me (gra...@grahamc.com), or ask in #NixOS on Freenode.

Thank you to clever on Freenode for help on this email.

Thank you,
Graham Christensen
NixOS Security Team
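
The checks described in the message above (kernel built with CONFIG_IP_DCCP, module already loaded, modprobe override in place), combined into one audit script. This is an added example, not part of the original advisory; the function names, status words and sample files are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the advisory. Paths are arguments so the checks
# run against the live system or against saved copies of the files.

# Succeeds if dccp or a dccp_* module is listed in a /proc/modules-format file.
dccp_loaded() {
    awk '$1 == "dccp" || $1 ~ /^dccp_/ { hit = 1 } END { exit !hit }' "$1"
}

# Succeeds if a modprobe config file (or stdin when no file is given) has an
# "install dccp <path>/false" override like the one in the advisory.
dccp_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+[^[:space:]]*/false[[:space:]]*$' "$@"
}

# dccp_status KCONFIG MODULES MODPROBE_CONF...
# Prints one of: not-built, built-in, loaded, mitigated, exposed.
dccp_status() {
    local kconfig=$1 modules=$2
    shift 2
    case "$(sed -n 's/^CONFIG_IP_DCCP=\([ym]\)$/\1/p' "$kconfig")" in
        y) echo built-in; return ;;    # no module to block: needs a fixed kernel
        m) ;;
        *) echo not-built; return ;;
    esac
    if dccp_loaded "$modules"; then
        echo loaded                    # reboot needed even with the override
    elif dccp_blocked "$@"; then
        echo mitigated
    else
        echo exposed                   # module would be loaded on first use
    fi
}

# Constructed sample inputs (not captured from a real machine).
demo=$(mktemp -d)
printf 'CONFIG_IP_DCCP=m\n' > "$demo/kconfig"
printf 'ext4 745472 1 - Live 0x0\n' > "$demo/modules.clean"
printf 'dccp_ipv4 28672 0 - Live 0x0\ndccp 98304 1 dccp_ipv4, Live 0x0\n' > "$demo/modules.dccp"
printf 'install dccp /run/current-system/sw/bin/false\n' > "$demo/nixos.conf"
: > "$demo/empty.conf"

dccp_status "$demo/kconfig" "$demo/modules.clean" "$demo/empty.conf"   # exposed
dccp_status "$demo/kconfig" "$demo/modules.clean" "$demo/nixos.conf"   # mitigated
dccp_status "$demo/kconfig" "$demo/modules.dccp"  "$demo/nixos.conf"   # loaded
rm -rf "$demo"
```

On a live host the inputs would be the running kernel's config (for example the output of `zcat /proc/config.gz`, where the kernel provides it), `/proc/modules`, and the files under `/etc/modprobe.d/`.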