Ancient local privilege escalation vulnerability in the kernel announced
Andrey Konovalov has announced the discovery and fix of a local privilege escalation in the Linux kernel. Using the syzkaller fuzzer (which LWN looked at around one year ago), he found a double-free in the Datagram Congestion Control Protocol (DCCP) implementation that goes back to at least September 2006 (2.6.18), but probably all the way back to the introduction of DCCP in October 2005 (2.6.14). "[At] this point we have a use-after-free on some_object. An attacker can control what object that would be and overwrite its content with arbitrary data by using some of the kernel heap spraying techniques. If the overwritten object has any triggerable function pointers, an attacker gets to execute arbitrary code within the kernel. I'll publish an exploit in a few days, giving people time to update."