CVE-2017-2636 Linux kernel flaw was spotted after seven years and quickly fixed

A flaw recently fixed in the Linux kernel tracked as CVE-2017-2636 might have been exploited to gain privilege escalation or cause a DoS condition.

The security expert Alexander Popov from Positive Technologies has discovered a race condition in the n_hdlc driver that might be exploited by attackers for privilege escalation in the operating system.

The vulnerability tracked as CVE-2017-2636, received a CVSS v3 score of 7.8., it went uncovered for seven years but it is not possible to say if hackers have exploited it in the wild.

“This is an announcement of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited to gain a local privilege escalation.” reads the security advisory published on SecList. “This driver provides HDLC serial line discipline and comes as a kernel module in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config. Exploiting the flaw in the vulnerable module n_hdlc does not require Microgate or SyncLink hardware. The module is automatically loaded if an unprivileged user opens a pseudoterminal and calls TIOCSETD ioctl for it setting N_HDLC line discipline.”

Tha attackers can automatically load the flawed module with just unprivileged user rights and without using any special hardware.

The CVE-2017-2636 vulnerability affects the majority of popular Linux distributions including Ubuntu, RHEL 6/7, Fedora, SUSE, and Debian.

Linux users can install latest security updates or manually disable the vulnerable module.

Popov explained that the vulnerability is widespread on Linux systems due to its age.

According to the expert, the vulnerability was introduced on June 22, 2009. It was spotted years later during system calls testing with the syzkaller fuzzer and it was reported to kernel.org along with a patch to solve it and a PoC exploit code.

The flaw was publicly disclosed on March 7, and development team behind the major distributions quickly released security updates.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – CVE-2017-2636, Linux)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.