Date: Thu, 9 Mar 2017 00:51:03 +0300 From: Alexander Popov <alex.popov@...ux.com> To: oss-security@...ts.openwall.com Subject: Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Hello, There is some additional information about CVE-2017-2636: On 07.03.2017 20:45, Alexander Popov wrote: > This is an announcement of CVE-2017-2636, which is a race condition in > the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited > to gain a local privilege escalation. > > This driver provides HDLC serial line discipline and comes as a kernel module > in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config. Exploiting the flaw in the vulnerable module n_hdlc does not require Microgate or SyncLink hardware. The module is automatically loaded if an unprivileged user opens a pseudoterminal and calls TIOCSETD ioctl for it setting N_HDLC line discipline. The fix is currently on the way to the mainline kernel: https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=82f2341c94d270421f383641b7cd670e474db56b Some Linux distributions have already provided the security update. However, you can mitigate the flaw manually by blocking n_hdlc autoloading by a system-wide modprobe rule in /etc/modprobe.d/ (refer to your Linux distribution documentation). In that case please check that n_hdlc is not already loaded. Best regards, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ