CVE-2017-6074 Linux Kernel DCCP Vulnerability

February 22, 2017

A Linux kernel vulnerability allowing privilege escalation has been found that affects most major Linux distributions, including Ubuntu. The fix for this vulnerability, identified by CVE-2017-6074, has been applied to all servers managed by ServerPilot.

The vulnerability involves a memory handling error in Linux kernel network code related to the Datagram Congestion Control Protocol (DCCP). This vulnerability can be exploited on systems where the DCCP kernel module is available to be loaded.

What We Have Done

As the vulnerability is in kernel code related to DCCP, a protocol not used by ServerPilot, ServerPilot has disabled loading of the insecure kernel module on all servers.

What You Should Do

No action is required by you.

Optional: Reboot to Run Updated Kernel

Though not required as ServerPilot has disabled the affected kernel module so that it is not exploitable, some users may still prefer to also run the updated kernel released by Ubuntu that patches the vulnerable code.

ServerPilot has already installed the updated kernel on all servers. To use this updated kernel, SSH into your server as root and reboot your server with the following command:

sudo reboot

For DigitalOcean users with Ubuntu 12.04 or 14.04 servers, you also need to switch your server to DigitalOcean's new kernel management to use the updated kernel. If your DigitalOcean server is running Ubuntu 16.04, you do not need to do this as all Ubuntu 16.04 servers use DigitalOcean's new kernel management by default.
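The post says the DCCP module was prevented from loading and that a reboot picks up the updated kernel, but does not show how either is done or checked. The script below is an added example, not ServerPilot's own tooling. It assumes the common modprobe.d technique of mapping the module name to `/bin/true` with an `install` line (the file name `/etc/modprobe.d/disable-dccp.conf` is a chosen placeholder), and it decides whether a reboot is pending by comparing the running kernel with the newest `vmlinuz-*` in `/boot` (a GNU `sort -V` assumption, which holds on Ubuntu).

```shell
#!/bin/sh
# Added example (not from the advisory): mitigate CVE-2017-6074 by stopping the
# dccp module from loading, and report whether a reboot is needed for a new kernel.

# Render the modprobe.d drop-in. An "install" line replaces the real insmod step,
# so both udev autoload and request_module() from a DCCP socket() call get /bin/true.
# A plain "blacklist dccp" line would NOT stop the socket()-triggered autoload.
dccp_blacklist_config() {
  printf '%s\n' \
    '# Prevent the DCCP kernel module from loading (mitigation for CVE-2017-6074)' \
    'install dccp /bin/true'
}

# Return 0 if the given modprobe configuration text neutralises dccp loading.
config_disables_dccp() {
  printf '%s\n' "$1" |
    grep -Eq '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)[[:space:]]*$'
}

# Return 0 if the running kernel version differs from the newest installed one.
reboot_needed() {
  running="$1"
  installed="$2"
  [ "$running" != "$installed" ]
}

# Newest kernel image present in /boot (assumes GNU sort -V, as on Ubuntu).
newest_installed_kernel() {
  ls /boot/vmlinuz-* 2>/dev/null | sed 's#.*/vmlinuz-##' | sort -V | tail -n 1
}

# Write the drop-in (needs root). Path is a placeholder, not a distribution default.
apply_dccp_blacklist() {
  target="${1:-/etc/modprobe.d/disable-dccp.conf}"
  dccp_blacklist_config > "$target"
}

# Live status report for an administrator; every check is read-only.
dccp_status() {
  if lsmod | grep -q '^dccp[[:space:]]'; then
    echo "dccp module is currently LOADED"
  else
    echo "dccp module is not loaded"
  fi
  # Dry run shows what modprobe would do; with the install line it prints /bin/true.
  echo "modprobe dry run: $(modprobe -n -v dccp 2>&1)"
  if reboot_needed "$(uname -r)" "$(newest_installed_kernel)"; then
    echo "reboot needed: running $(uname -r), newest installed $(newest_installed_kernel)"
  else
    echo "running kernel is the newest installed"
  fi
}

# Usage (as root):  apply_dccp_blacklist && dccp_status
```

Run `dccp_status` before and after `apply_dccp_blacklist` to confirm that `modprobe -n -v dccp` now reports the `/bin/true` substitution, and note that disabling the module does not unload one that is already loaded; the kernel update plus a reboot remains the complete fix.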

Don't hesitate to contact us if you have any questions.