ArchLinux: 201612-8: linux-zen: privilege escalation
Summary
A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.
Resolution
Upgrade to 4.8.12-2.
# pacman -Syu "linux-zen>=4.8.12-2"
The problem has been fixed upstream but no release is available yet.
References
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ https://seclists.org/oss-sec/2016/q4/607 https://access.redhat.com/security/cve/CVE-2016-8655
Workaround
None.