The LLC subsystem in the Linux kernel does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.

Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762

References:
http://seclists.org/oss-sec/2017/q1/527
Wrong reference to oss-sec. Correct one is http://seclists.org/oss-sec/2017/q1/527
(In reply to Vasily Averin from comment #1)
> wrong reference to oss-sec.
> correct one is
> http://seclists.org/oss-sec/2017/q1/527

Thanks, you are obviously right. Updated.
This was fixed for Fedora in the 4.9.13 kernels.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2, as the kernel module 'llc2.ko' with this security flaw is not shipped with the products listed.