CVE-2017-2636

Description

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

CVSS Metrics

• v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.52%• Percentile: 67%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

• CWE-415•Double Free

  The product calls free() twice on the same memory address.

Affected Systems

• debian•debian_linux

  8.0

• linux•linux_kernel

  ≥ 2.6.31, < 3.2.87 | ≥ 3.3, < 3.10.106 | ≥ 3.11, < 3.12.72 | ≥ 3.13, < 3.16.42 | ≥ 3.17, < 3.18.49 | ≥ 3.19, < 4.1.49 | ≥ 4.2, < 4.4.54 | ≥ 4.5, < 4.9.15 | ≥ 4.10, < 4.10.3

References (16)

• https://access.redhat.com/errata/RHSA-2017:0892
• http://www.securityfocus.com/bid/96732
• http://www.securitytracker.com/id/1037963
• https://access.redhat.com/errata/RHSA-2017:0932
• http://www.openwall.com/lists/oss-security/2017/03/07/6
• https://bugzilla.redhat.com/show_bug.cgi?id=1428319
• https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
• https://access.redhat.com/errata/RHSA-2017:1125
• https://access.redhat.com/errata/RHSA-2017:0933
• https://access.redhat.com/errata/RHSA-2017:1232
• https://access.redhat.com/errata/RHSA-2017:0931
• http://www.debian.org/security/2017/dsa-3804
• https://access.redhat.com/errata/RHSA-2017:1233
• https://access.redhat.com/errata/RHSA-2017:1488
• https://access.redhat.com/errata/RHSA-2017:0986
• https://access.redhat.com/errata/RHSA-2017:1126