CVE-2017-2636 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Privilege escalation |
| Description | A race condition flaw was found in the N_HLDC Linux kernel driver when accessing the n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to crash the system or increase their privileges on the system. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-203 | linux-zen | 4.10.1-1 | 4.10.2-1 | High | Fixed | FS#53242 |
| AVG-201 | linux-grsec | 1:4.9.13.r201702261126-1 | 1:4.9.14.r201703121245-1 | High | Fixed | FS#53242 |
| AVG-200 | linux-lts | 4.9.13-1 | 4.9.14-1 | High | Fixed | FS#53242 |
| AVG-192 | linux | 4.10.1-1 | 4.10.2-1 | High | Fixed | FS#53242 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 14 Mar 2017 | ASA-201703-8 | AVG-192 | linux | High | privilege escalation |
| 13 Mar 2017 | ASA-201703-7 | AVG-201 | linux-grsec | High | privilege escalation |
| 12 Mar 2017 | ASA-201703-6 | AVG-200 | linux-lts | High | privilege escalation |
| 16 Mar 2017 | ASA-201703-13 | AVG-203 | linux-zen | High | privilege escalation |
| References |
|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b http://seclists.org/oss-sec/2017/q1/569 |
| Notes |
|---|
Workaround: # echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=be10eb7589337e5defbe214dae038a53dd21add8 |