CVE-2017-2636 log
Source |
|
Severity | High |
Remote | No |
Type | Privilege escalation |
Description | A race condition flaw was found in the N_HLDC Linux kernel driver when accessing the n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to crash the system or increase their privileges on the system. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-203 | linux-zen | 4.10.1-1 | 4.10.2-1 | High | Fixed | FS#53242 |
AVG-201 | linux-grsec | 1:4.9.13.r201702261126-1 | 1:4.9.14.r201703121245-1 | High | Fixed | FS#53242 |
AVG-200 | linux-lts | 4.9.13-1 | 4.9.14-1 | High | Fixed | FS#53242 |
AVG-192 | linux | 4.10.1-1 | 4.10.2-1 | High | Fixed | FS#53242 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
14 Mar 2017 | ASA-201703-8 | AVG-192 | linux | High | privilege escalation |
13 Mar 2017 | ASA-201703-7 | AVG-201 | linux-grsec | High | privilege escalation |
12 Mar 2017 | ASA-201703-6 | AVG-200 | linux-lts | High | privilege escalation |
16 Mar 2017 | ASA-201703-13 | AVG-203 | linux-zen | High | privilege escalation |
References |
---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b http://seclists.org/oss-sec/2017/q1/569 |
Notes |
---|
Workaround: # echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=be10eb7589337e5defbe214dae038a53dd21add8 |