net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. Upstream patches: https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110 https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e https://github.com/torvalds/linux/commit/2bd624b4611ffee36422782d16e1c944d1351e98 References: https://blogs.securiteam.com/index.php/archives/3484
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1505392]
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as a code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address this issue.
This was fixed with the 4.13.6 kernel for Fedora
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0151 https://access.redhat.com/errata/RHSA-2018:0151
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0152 https://access.redhat.com/errata/RHSA-2018:0152
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2018:0181 https://access.redhat.com/errata/RHSA-2018:0181