Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc

[Alexander Popov <alex.popov () linux com>]

Hello,

There is some additional information about CVE-2017-2636:

On 07.03.2017 20:45, Alexander Popov wrote:
> This is an announcement of CVE-2017-2636, which is a race condition in
> the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited
> to gain a local privilege escalation.
>
> This driver provides HDLC serial line discipline and comes as a kernel module
> in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config.

Exploiting the flaw in the vulnerable module n_hdlc does not require
Microgate or SyncLink hardware. The module is automatically loaded if an
unprivileged user opens a pseudoterminal and calls TIOCSETD ioctl for it
setting N_HDLC line discipline.

The fix is currently on the way to the mainline kernel:
https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=82f2341c94d270421f383641b7cd670e474db56b

Some Linux distributions have already provided the security update.

However, you can mitigate the flaw manually by blocking n_hdlc autoloading
by a system-wide modprobe rule in /etc/modprobe.d/ (refer to your Linux
distribution documentation). In that case please check that n_hdlc is not
already loaded.

Best regards,
Alexander