Important Information Regarding Linux Kernel Vulnerability (CVE-2016-8655)

Publish Time: 2016-12-07 00:00:00 UTC+8

Last Updated: 2016-12-07 12:00:00 UTC+8

Severity: Important

Status: Resolved

Description

A race condition issue that led to a use-after-free (UAF) vulnerability was found in the networking subsystem of Linux kernel. Unprivileged local users could use this vulnerability to elevate their privileges in the system to trigger unpredictable attacks.

Severity

Important

Update Availability

Synology will release a DSM 6.0 update (6.0.2-8451-6) and SRM update (1.1.2-6425-2) to address this issue in the coming weeks.

References

http://seclists.org/oss-sec/2016/q4/607
https://access.redhat.com/security/cve/CVE-2016-8655
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8655.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c