An old vulnerability was just discovered in the Linux kernel, potentially allowing hackers to gain privilege escalation, or cause a denial of service. The vulnerability was quickly fixed and there has been no signs of it in the wild, although that does not necessarily mean it went unnoticed.
According to Positive Technologies expert, Alexander Popov, the CVE-2017-2636 vulnerability is seven years old, and has affected the majority of popular Linux distributions, including RHEL 6/7, Fedora, SUSE, Debian, and Ubuntu.
Alexander Popov found a “race condition in the n_hdlc driver that leads to double-freeing of kernel memory, which can be exploited for privilege escalation in the operating system”.
Positive Technologies evaluated the vulnerability as dangerous, with a CVSS v3 score of 7.8.
"The vulnerability is old, so it is widespread across Linux workstations and servers,” notes Alexander Popov. “To automatically load the flawed module, an attacker needs only unprivileged user rights. Additionally, the exploit doesn't require any special hardware.”
The flaw, which was introduced on June 22, 2009, was revealed during system call testing with the syzkaller fuzzer. The flaw was reported to kernerl.org on February 28 this year, and was officially patched on March 7.
“The bug can also be mitigated manually with special rules that block kernel modules from loading,” the security researchers added.
Image Source: Profit_Image / Shutterstock