CVE-2017-6074 is a double-free vulnerability I found in the Linux kernel. It can be exploited to gain kernel code execution from an unprivileged process. The kernel needs to be built with CONFIG_IP_DCCP for the vulnerability to be present. A lot of modern distributions enable this option by default.
Fixed on Feb 17, 2017. The oldest version that I checked is 2.6.18 (Sep 2006), which is vulnerable. However, the bug was introduced before that, probably in the first release with DCCP support (2.6.14, Oct 2005).
I initially reported this vulnerability to [email protected] following the coordinated disclosure process. The timeline and more details about the vulnerability can be found in my announcement on oss-security. A proof-of-concept exploit for the 4.4.0-62-generic #83-Ubuntu kernel can be found here [4, 5].
The reason I'm reporting this now is that I just saw a similar bug in the Windows kernel reported to this program and that reminded me of a Sandbox Escape program that used to be on HackerOne. I thought it makes sense to see if IBB would come back to considering this kind of bug eligible for a bounty.
This vulnerability allows a local attacker to elevate privileges to root on a machine with a vulnerable Linux kernel version.
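
The report ties exposure to the kernel being built with CONFIG_IP_DCCP. The following is an added example, not part of the original report: a shell function that classifies a host from its kernel build config and, for a module build, from any `install dccp` override in the modprobe configuration. It checks only that build precondition, not whether the kernel carries the fix; the function name, the output labels and the override check are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify exposure of the DCCP code path from a kernel
# build config. Function name and output labels are illustrative.

# dccp_exposure CONFIG_FILE [MODPROBE_DIR]
# Prints: absent | builtin | module-blocked | module-loadable | unknown
dccp_exposure() {
    local cfg=$1 mpdir=${2:-/etc/modprobe.d} val
    [ -r "$cfg" ] || { echo unknown; return 0; }
    # Some systems only expose the config gzip-compressed (/proc/config.gz).
    case $cfg in
        *.gz) val=$(gzip -dc "$cfg" | sed -n 's/^CONFIG_IP_DCCP=//p') ;;
        *)    val=$(sed -n 's/^CONFIG_IP_DCCP=//p' "$cfg") ;;
    esac
    case $val in
        y) echo builtin ;;   # compiled in: modprobe rules have no effect
        m) # Module build: reachable unless module loading is overridden.
           if grep -Eqs '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)' \
                "$mpdir"/*.conf; then
               echo module-blocked
           else
               echo module-loadable
           fi ;;
        *) echo absent ;;    # "# CONFIG_IP_DCCP is not set" or no entry
    esac
}

# Demo on constructed input (not taken from any real host).
demo() {
    local d; d=$(mktemp -d)
    printf 'CONFIG_INET=y\nCONFIG_IP_DCCP=m\n' > "$d/config"
    mkdir "$d/modprobe.d"
    echo "before override: $(dccp_exposure "$d/config" "$d/modprobe.d")"
    echo 'install dccp /bin/true' > "$d/modprobe.d/disable-dccp.conf"
    echo "after override:  $(dccp_exposure "$d/config" "$d/modprobe.d")"
    rm -rf "$d"
}
demo
```

On a real host the config file passed in must belong to the running kernel, for example `dccp_exposure "/boot/config-$(uname -r)"` on distributions that ship it there.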