CVE-2017-2636 Linux kernel flaw was spotted after seven years and quickly fixed

Pierluigi Paganini March 16, 2017

A flaw recently fixed in the Linux kernel tracked as CVE-2017-2636 might have been exploited to gain privilege escalation or cause a DoS condition.

The security expert Alexander Popov from Positive Technologies has discovered a race condition in the n_hdlc driver that might be exploited by attackers for privilege escalation in the operating system.

Linux kernel CVE-2017-2636 flaw

The vulnerability tracked as CVE-2017-2636, received a CVSS v3 score of 7.8., it went uncovered for seven years but it is not possible to say if hackers have exploited it in the wild.

“This is an announcement of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited to gain a local privilege escalation.” reads the security advisory published on SecList. “This driver provides HDLC serial line discipline and comes as a kernel module in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config. Exploiting the flaw in the vulnerable module n_hdlc does not require Microgate or SyncLink hardware. The module is automatically loaded if an unprivileged user opens a pseudoterminal and calls TIOCSETD ioctl for it setting N_HDLC line discipline.”

Tha attackers can automatically load the flawed module with just unprivileged user rights and without using any special hardware.

The CVE-2017-2636 vulnerability affects the majority of popular Linux distributions including UbuntuRHEL 6/7, Fedora, SUSE, and Debian.

Linux users can install latest security updates or manually disable the vulnerable module.

Popov explained that the vulnerability is widespread on Linux systems due to its age.

According to the expert, the vulnerability was introduced on June 22, 2009. It was spotted years later during system calls testing with the syzkaller fuzzer and it was reported to kernel.org along with a patch to solve it and a PoC exploit code.

The flaw was publicly disclosed on March 7, and development team behind the major distributions quickly released security updates.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – CVE-2017-2636, Linux)



you might also like

leave a comment