BSA-2017-265
21512
13 October 2017
02 May 2017
Closed
High
8.0
N/A
CVE-2017-6074
Summary
Security Advisory ID : BSA-2017-265
Component : Linux Kernel
Revision : 2.0: Interim
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Affected Products
Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.
Products Confirmed Not Vulnerable
Brocade 5400 vRouter, Brocade 5600 vRouter, Brocade Fabric OS, Brocade FastIron OS, Brocade Network Advisor, Brocade NetIron OS, Brocade Network OS, Brocade SDN Controller, Brocade ServerIron ADX, Brocade Services Director, Brocade SLX-OS, Brocade Virtual Traffic Manager, Brocade Virtual Web Application Firewall, and Brocade Workflow Composer are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | May 2, 2017 |
2.0 | Updating to address BNA, FOS, NI, & WC | October 13, 2017 |