A local privilege esclation flaw has been fixed in the Linux kernel, but several upstream distributions have yet to release updates. Administrators should plan on mitigating the vulnerability on Linux servers and workstations themselves and monitor the distributions for their update plans.
The race condition flaw in the n_hdlc driver (drivers/tty/n_hdlc.c) in the Linux kernel through 4.10.1 (CVE-2017-2636) can lead to a double-free error in n_hdlc_release() when accessing the n_hdlc.tbuf list, said Alexander Popov, a researcher at Russia-based Positive Technologies who found and reported the flaw. A local, unprivileged user able to set the HDLC line discipline on the tty device could exploit this flaw and gain increased privileges over the affected system or cause a denial-of-service condition.
To read this article in full or to leave a comment, please click here