CVE-2017-2636: Linux local privilege escalation flaw in ‘n_hdlc’Mattias Geniar, Thursday, March 9, 2017
This comes just weeks after the previous local root exploit (CVE-2017-6074 – local privilege escalation in DCCP).
This is an announcement of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited to gain a local privilege escalation.
This driver provides HDLC serial line discipline and comes as a kernel module in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config.
Patching is, luckily, relatively trivial, as was the DCCP vulnerability.
$ echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf
Make sure to roll that one to your fleet of servers today!