The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
Find out more about CVE-2017-1000253 from the MITRE CVE dictionary dictionary and NIST NV
This is a rebase of the kernel to the latest version. The kernel will continue to be updated every 4 hours with the latest patches and fixes by our KernelCare service that provides reboot-less kernel patching.
Thursday, December 7, 2017