Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-9143

kernel update [RHEL7.3 3.10.0-514.6.2.el7]

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • None
    • None
    • None
    • 3
    • 9223372036854775807

    Description

      Security Fix(es):

      • A use-after-free flaw was found in the way the Linux kernel's Datagram
        Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
        resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
        on the socket. A local, unprivileged user could use this flaw to alter the
        kernel memory, allowing them to escalate their privileges on the system.
        (CVE-2017-6074, Important)

      Bugs fixed (https://bugzilla.redhat.com/):

      1423071 - CVE-2017-6074 kernel: use after free in dccp protocol

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-9174 kernel update [RHEL7.3 3.10.0-514.10.2.el7]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              bogl Bob Glossman (Inactive)
              bogl Bob Glossman (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: