net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. This vulnerability was introduced by CVE-2017-5986 fix (commit 2dcab5984841). Upstream patch: https://github.com/torvalds/linux/commit/dfcb9f4f99f1e9a49e43398a7bfbf56927544af1
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1428910]
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2, as the problem code is not presented in the products listed.
kernel-4.9.13-101.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.