ArchLinux: 201612-5: linux-grsec: privilege escalation
Summary
Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.
Resolution
Upgrade to 1:4.8.12.r201612031658-2.
# pacman -Syu "linux-grsec>=1:4.8.12.r201612031658-2"
The problem has been fixed upstream but no release is available yet.
References
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ https://seclists.org/oss-sec/2016/q4/607 https://access.redhat.com/security/cve/CVE-2016-8655
Workaround
None.