Arch Linux Security Advisory ASA-201703-6
=========================================
Severity: High
Date    : 2017-03-12
CVE-ID  : CVE-2017-2636
Package : linux-lts
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-200

Summary
=======
The package linux-lts before version 4.9.14-1 is vulnerable to
privilege escalation.

Resolution
==========
Upgrade to 4.9.14-1.

# pacman -Syu "linux-lts>=4.9.14-1"

The problem has been fixed upstream in version 4.9.14.

Workaround
==========
# echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf
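The override above makes modprobe run a no-op instead of loading n_hdlc, but it does not unload a module that is already in the running kernel. The script below is an added example, not part of the Arch advisory, that reports which of those states a host is in; the function names, the three status words and the default modprobe.d search directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the advisory): audit the n_hdlc workaround.
# Paths are parameters so the checks can be run against constructed files.

# hdlc_loaded [MODULES_FILE]: succeed if n_hdlc is in the loaded-module list.
hdlc_loaded() {
    grep -q '^n_hdlc ' "${1:-/proc/modules}" 2>/dev/null
}

# hdlc_blocked [DIR...]: succeed if a modprobe.d file replaces loading of
# n_hdlc with a no-op command, as the advisory's workaround line does.
# modprobe treats "-" and "_" in module names alike, so both are matched.
hdlc_blocked() {
    # Assumed default search path when no directory is given.
    [ "$#" -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
    pattern='^[[:space:]]*install[[:space:]]+n[_-]hdlc[[:space:]]+(/usr)?/bin/(true|false)([[:space:]]|$)'
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue      # unmatched glob or not a file
            if grep -Eq "$pattern" "$conf"; then
                return 0
            fi
        done
    done
    return 1
}

# hdlc_status [MODULES_FILE [DIR...]]: print one word describing exposure.
#   loaded   - module is in the running kernel; the override does not remove it
#   blocked  - not loaded, and modprobe runs a no-op instead of loading it
#   loadable - not loaded, but nothing stops it being loaded on demand
hdlc_status() {
    modules_file="${1:-/proc/modules}"
    if [ "$#" -gt 0 ]; then shift; fi
    if hdlc_loaded "$modules_file"; then
        echo loaded
    elif hdlc_blocked "$@"; then
        echo blocked
    else
        echo loadable
    fi
}

# Report the state of the current host.
hdlc_status
```

A result of `loaded` means the module has to be removed (or the host rebooted into the fixed kernel) before the override has any effect.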

Description
===========
A race condition flaw was found in the N_HDLC Linux kernel driver when
accessing the n_hdlc.tbuf list that can lead to a double free. A local,
unprivileged user able to set the HDLC line discipline on the tty
device could use this flaw to crash the system or increase their
privileges on the system.

Impact
======
A local attacker is able to escalate privileges or crash the system.

References
==========
https://bugs.archlinux.org/task/53242
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b
https://seclists.org/oss-sec/2017/q1/569
https://security.archlinux.org/CVE-2017-2636

ArchLinux: 201703-6: linux-lts: privilege escalation

March 13, 2017
