Date: Thu, 9 Mar 2017 00:51:03 +0300
From: Alexander Popov <alex.popov@...ux.com>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in
 n_hdlc

Hello,

There is some additional information about CVE-2017-2636:

On 07.03.2017 20:45, Alexander Popov wrote:
> This is an announcement of CVE-2017-2636, which is a race condition in
> the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited
> to gain a local privilege escalation.
> 
> This driver provides HDLC serial line discipline and comes as a kernel module
> in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config.

Exploiting the flaw in the vulnerable module n_hdlc does not require
Microgate or SyncLink hardware. The module is automatically loaded if an
unprivileged user opens a pseudoterminal and calls TIOCSETD ioctl for it
setting N_HDLC line discipline.

The fix is currently on the way to the mainline kernel:
https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=82f2341c94d270421f383641b7cd670e474db56b

Some Linux distributions have already provided the security update.

However, you can mitigate the flaw manually by blocking n_hdlc autoloading
by a system-wide modprobe rule in /etc/modprobe.d/ (refer to your Linux
distribution documentation). In that case please check that n_hdlc is not
already loaded.

Best regards,
Alexander
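
A check for the mitigation described in the message above, added here as an example and not part of the original post: it looks for an `install` or `blacklist` rule naming n_hdlc in a modprobe.d directory and checks whether the module is already loaded. The function names, verdict strings and the idea of passing the paths as parameters are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the n_hdlc autoload mitigation.
# Paths are parameters so the checks can also run against constructed files.

# Print the rule type ("install" or "blacklist") of every modprobe rule
# naming n_hdlc in the *.conf files of the given directory.
n_hdlc_rules() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Commented-out rules do not match: their first field starts with '#'.
        # modprobe treats '-' and '_' in module names as equivalent.
        awk '($1 == "install" || $1 == "blacklist") {
                 name = $2; gsub(/-/, "_", name)
                 if (name == "n_hdlc") print $1
             }' "$f"
    done
}

# Succeed if n_hdlc is listed in a /proc/modules-format file.
n_hdlc_loaded() {
    awk '$1 == "n_hdlc" { found = 1 } END { exit !found }' "$1"
}

# One verdict for both checks. A rule only affects future load requests,
# so an already loaded module is reported first.
n_hdlc_status() {
    dir=$1; modules=$2
    rules=$(n_hdlc_rules "$dir" | sort -u | tr '\n' ' ')
    if n_hdlc_loaded "$modules"; then
        echo "LOADED"          # unload it, e.g. with: rmmod n_hdlc
    elif [ -n "$rules" ]; then
        echo "RULE_PRESENT"    # a rule naming n_hdlc exists
    else
        echo "AUTOLOADABLE"    # no rule found and module not loaded
    fi
}

# Typical use on a live system:
#   n_hdlc_status /etc/modprobe.d /proc/modules
```

Only the directory passed in is scanned; distributions may keep further modprobe configuration in other directories.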
