ArchLinux: 201612-7: linux-lts: privilege escalation
Summary
Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.
Resolution
Upgrade to 4.4.36-1.
# pacman -Syu "linux-lts>=4.4.36-1"
The problem has been fixed upstream but no release is available yet.
References
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ https://seclists.org/oss-sec/2016/q4/607 https://access.redhat.com/security/cve/CVE-2016-8655
Workaround
None.