edit-icon download-icon

[Vulnerability notice] CVE-2017-2636: Linux kernel local elevation of privilege vulnerability in the n_hdlc driver

Last Updated: Mar 19, 2018

On March 7, 2017, a local elevation of privilege vulnerability in the Linux kernel was made public. A race condition in drivers/tty/n_hdlc.c in the Linux kernels earlier than 4.10.1 allows local users to gain elevation of privilege or cause a denial of service by setting the HDLC line discipline.

This vulnerability was introduced as early as June 22, 2009. The Linux kernels released after that date may be affected.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-2636

Vulnerability name

Linux kernel local elevation of privilege vulnerability in the n_hdlc driver

Vulnerability rating

High

Vulnerability description

This vulnerability is due to a race condition in the n_hdlc driver (drivers/tty/n_hdlc.c) of the Linux kernel. Successful exploits can lead to local elevation of privilege to the highest administrator privilege, allowing the attacker to gain the highest level of permissions in the operating system.

The n_hdlc driver provides the HDLC serial line discipline and comes as a kernel module in many Linux releases, which have CONFIG_N_HDLC = m in the kernel configuration.

Condition and method of exploitation

An unprivileged user can exploit this vulnerability to gain local elevation of privilege in a Linux operating system.

Affected scope

Linux kernel 2.6.31 and later with CONFIG_N_HDLC=y/m in the kernel configuration.

Vulnerability detection

None

How to fix or mitigate

Manually upgrade to the latest kernel version.

Note: Back up snapshots before the upgrade.

Reference

[1]. http://www.openwall.com/lists/oss-security/2017/03/07/6
[2]. https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=82f2341c94d270421f383641b7cd670e474db56b
[3]. Red Hat Enterprise Linux/CentOS: https://access.redhat.com/security/cve/CVE-2017-2636
[4]. Debian: https://security-tracker.debian.org/tracker/CVE-2017-2636
[5]. Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2636.html
[6]. SUSE/openSUSE: https://www.suse.com/security/cve/CVE-2017-2636.html

Thank you! We've received your feedback.