CVE-2017-2636: Linux local privilege escalation flaw in ‘n_hdlc’

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Mattias Geniar, March 09, 2017

Follow me on Twitter as @mattiasgeniar

This comes just weeks after the previous local root exploit (CVE-2017-6074 – local privilege escalation in DCCP).

This is an announcement of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited to gain a local privilege escalation.

This driver provides HDLC serial line discipline and comes as a kernel module in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config.

Source: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc

Patching is, luckily, relatively trivial, as was the DCCP vulnerability.

$ echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf

Make sure to roll that one to your fleet of servers today!

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.