The security expert Alexander Popov from Positive Technologies has discovered a race condition in the n_hdlc driver that might be exploited by attackers for privilege escalation in the operating system.
The vulnerability tracked as CVE-2017-2636, received a CVSS v3 score of 7.8., it went uncovered for seven years but it is not possible to say if hackers have exploited it in the wild.
“This is an announcement of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited to gain a local privilege escalation.” reads the security advisory published on SecList. “This driver provides HDLC serial line discipline and comes as a kernel module in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config. Exploiting the flaw in the vulnerable module n_hdlc does not require Microgate or SyncLink hardware. The module is automatically loaded if an unprivileged user opens a pseudoterminal and calls TIOCSETD ioctl for it setting N_HDLC line discipline.”
Tha attackers can automatically load the flawed module with just unprivileged user rights and without using any special hardware.
Linux users can install latest security updates or manually disable the vulnerable module.
Popov explained that the vulnerability is widespread on Linux systems due to its age.
According to the expert, the vulnerability was introduced on June 22, 2009. It was spotted years later during system calls testing with the syzkaller fuzzer and it was reported to kernel.org along with a patch to solve it and a PoC exploit code.
The flaw was publicly disclosed on March 7, and development team behind the major distributions quickly released security updates.