oss-sec mailing list archives
Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc
From: Alexander Popov <alex.popov () linux com>
Date: Thu, 9 Mar 2017 00:51:03 +0300
Hello,

There is some additional information about CVE-2017-2636:

On 07.03.2017 20:45, Alexander Popov wrote:
> This is an announcement of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited to gain a local privilege escalation. This driver provides HDLC serial line discipline and comes as a kernel module in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config.

Exploiting the flaw in the vulnerable module n_hdlc does not require Microgate or SyncLink hardware. The module is automatically loaded if an unprivileged user opens a pseudoterminal and calls TIOCSETD ioctl for it setting N_HDLC line discipline.

The fix is currently on the way to the mainline kernel:
https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=82f2341c94d270421f383641b7cd670e474db56b

Some Linux distributions have already provided the security update. However, you can mitigate the flaw manually by blocking n_hdlc autoloading by a system-wide modprobe rule in /etc/modprobe.d/ (refer to your Linux distribution documentation). In that case please check that n_hdlc is not already loaded.

Best regards,
Alexander
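The manual mitigation described in the message above can be audited with a short script. This is an added example, not part of the original post; the rule text `install n_hdlc /bin/true` and the function names are assumptions, since the message leaves the exact rule to the distribution documentation.

```shell
#!/bin/sh
# Added example: audit the n_hdlc mitigation described in the message above.
# Assumption: the blocking rule is "install n_hdlc /bin/true" (or /bin/false);
# the message itself does not give the exact rule text.

# Succeeds if the given /proc/modules-format file lists n_hdlc as loaded.
n_hdlc_loaded() {
    awk '$1 == "n_hdlc" { found = 1 } END { exit !found }' "$1"
}

# Succeeds if any *.conf file in the given directories maps loading of
# n_hdlc to a no-op. Commented-out rules do not count.
n_hdlc_blocked() {
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            awk '$1 == "install" && $2 == "n_hdlc" &&
                 ($3 == "/bin/true" || $3 == "/bin/false") { ok = 1 }
                 END { exit !ok }' "$conf" && return 0
        done
    done
    return 1
}

# Prints one status word: mitigated, loaded, unblocked or loaded-unblocked.
# "loaded" means the rule exists but the module is already in the kernel,
# which is the case the message asks you to check for.
check_n_hdlc() {
    modules_file=$1; shift
    state=""
    n_hdlc_loaded "$modules_file" && state="loaded"
    n_hdlc_blocked "$@" || state="${state:+$state-}unblocked"
    echo "${state:-mitigated}"
}

# Demo on constructed sample data (not taken from a real host).
demo=$(mktemp -d)
printf 'n_hdlc 20480 0 - Live 0x0000000000000000\n' > "$demo/modules"
printf '# constructed rule\ninstall n_hdlc /bin/true\n' > "$demo/disable-n_hdlc.conf"
check_n_hdlc "$demo/modules" "$demo"    # rule present, module still loaded
rm -rf "$demo"
```

On a real host, call `check_n_hdlc /proc/modules /etc/modprobe.d` and add any other modprobe configuration directories your distribution uses as further arguments.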