Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPv6 implementation
Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. A flaw in the IPv6 implementation of the DCCP protocol makes it possible for a local, unprivileged user to alter kernel memory and escalate their privileges.
CVE-2017-6074, a "use-after-free" flaw, affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat OpenShift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPv6 to be enabled, but it is still something that will be of concern to Linux users.
Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."
Chris Robinson, product security manager at Red Hat, says:
Like 2016's "Dirty Cow", the DCCP networking flaw within the Linux kernel could allow attackers who have local access to a machine to escalate their privileges. Unlike Dirty Cow, however, this vulnerability is easier to mitigate; and for Red Hat customers, the flaw was blocked by SELinux by default. We strongly recommend that all affected users patch their systems and take additional steps that Red Hat and other software vendors have outlined to help mitigate any potential problems.
While patches have been created for some Red Hat distros, fixes for some of those affected are still in the works. Users are advised to keep an eye on the Red Hat website for updates.
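Until a patched kernel is installed, an administrator can check the two local conditions named above: whether the DCCP code is loaded or loadable, and whether IPv6 is enabled. The script below is an added example, not code from Red Hat or this article. It assumes the kernel module names begin with `dccp`, that module loading is blocked with an `install dccp /bin/true` line in a modprobe.d file, and the standard `/proc` and `/etc/modprobe.d` paths; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the two local preconditions the article names for
# CVE-2017-6074 (DCCP code reachable, IPv6 enabled). Paths are parameters so
# the logic can be run against constructed files as well as a live host.

# Succeeds if any dccp* module (assumed names: dccp, dccp_ipv4, dccp_ipv6) is loaded.
dccp_loaded() {
    awk '$1 ~ /^dccp/ { hit = 1 } END { exit !hit }' "$1" 2>/dev/null
}

# Succeeds if a modprobe.d file replaces loading of dccp with a no-op command.
dccp_blocked() {
    cat "$1"/*.conf 2>/dev/null |
        awk '$1 == "install" && $2 == "dccp" &&
             ($3 == "/bin/true" || $3 == "/bin/false") { hit = 1 }
             END { exit !hit }'
}

# Succeeds only if the sysctl file exists and reads 0 (IPv6 not disabled).
ipv6_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "0" ]
}

# Usage: dccp_exposure [modules_file] [modprobe_dir] [disable_ipv6_file]
dccp_exposure() {
    modules=${1:-/proc/modules}
    confdir=${2:-/etc/modprobe.d}
    v6flag=${3:-/proc/sys/net/ipv6/conf/all/disable_ipv6}

    if dccp_loaded "$modules"; then dccp=loaded
    elif dccp_blocked "$confdir"; then dccp=blocked
    else dccp=loadable          # not loaded, but nothing stops auto-loading
    fi
    if ipv6_enabled "$v6flag"; then v6=enabled; else v6=disabled; fi
    echo "dccp=$dccp ipv6=$v6"
}

dccp_exposure "$@"
```

A result of `dccp=loaded` or `dccp=loadable` together with `ipv6=enabled` means both conditions described in the article are present on that host.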