[Nix-dev] Linux Kernel: DCCP Double Free, Local Root (CVE-2017-6074)

Graham Christensen graham at grahamc.com
Fri Feb 24 04:04:38 CET 2017 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Hello,

Recently, a kernel double-free vulnerability was reported by Andrey
Konovalov in the DCCP functionality of the Linux kernel. All kernels
compiled with CONFIG_IP_DCCP enabled (compiled in or as a module) are
vulnerable. If the module is not loaded, the kernel will load it on
first use.


VULNERABILITY STATUS
- - --------------------
NixOS's default configuration does compile the kernels with
CONFIG_IP_DCCP set to m and thusly we are vulnerable.


MITIGATION
- - ----------
Until we are able to release patches, users are able to mitigate the
issue by applying the following configuration and running `nixos-rebuild
switch`:

    boot.extraModProbeConfig = ''
      install dccp /run/current-system/sw/bin/false
    '';

If your kernel has already loaded the dccp module, you will need to
reboot:

    lsmod | grep dccp

However, if you don't use dccp and your kernel has loaded the module,
you should investigate the situation.


RELEASE SCHEDULE
- - ----------------
We are currently working to release patches and updates to NixOS 16.09
and Unstable. I hope to have patches being tested for release within the
next few hours.


MORE
- - ----
For more details, visit: http://seclists.org/oss-sec/2017/q1/471,
reply to me (graham at grahamc.com), or ask in #NixOS on Freenode.

Thank you to clever on Freenode for help on this email.

Thank you,
Graham Christensen
NixOS Security Team
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYr6LGAAoJEAYSHTZv6UNcjjUP/jKZ2N2RJt3HjhCDfjBcT3da
c6i0I89Fjf0gypJmA+iEonZE0fMQTSMwFkU49FpmSvB2Dt/9IF5fsH5KLfC45gac
F5QAxmHn00HbJ3QKbfm8f+AwvgXoMSBe6eP9GStsu7VQDBCvblggbHgUnw/nBY/Q
uCa+X159sncS8HW9eLSdyPSpTt2yfPOiCeLXunmZpX4s3W5hPfNGz+OzgxpSspYY
i20iH75Mxtmkm60qFI91YqyVqGoWHtEu+Su/BK3i1NaY9Y+2Gf2p5SakBx8023/l
fagFKH2caebNJIwNDTBqpxKLVRT5I6n2h9Q9TGdFKE7izSYHj80LnyGau4mDLScX
imzDCSWaEOtoWwaeu/LGnM2Fn2BS+DtIf+GbNeOTohzRW1c6D3u43Xegl/adIX1q
mg3H2nkrJTDRQI98Ftu5OSziln8xrFkriJYORdIsdfTPtdLHgog2HVjvJ3U5k7t+
Snr4ep5ZBebaFTYhoZdSoCL8zmCwp722TIoBcUiQ/jjSCUeQ/USsjTTAlWQSb/AX
VU5X7/t/7ZeBd+67R5ovowCb2Axj4JF9COoMdbE6slgfuqEvghM+cK8komv+GJWV
y9DxTEVT9gm3qV+stbO+yIh41jAG9DqR5rwmzhdch+nrOA/Ib4U2bHD80U0DmRfc
QlI58q2jPzOaF0ubJDzH
=F23d
-----END PGP SIGNATURE-----

More information about the nix-dev mailing list