
Bug 613300 (CVE-2017-2636)

Summary: kernel: local privilege escalation flaw in n_hdlc
Product: Gentoo Security
Reporter: kuzetsa CatSwarm (kuza for short) <kuzetsa>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED
Severity: normal
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2017/03/07/6
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 613446
Bug Blocks:

Description kuzetsa CatSwarm (kuza for short) 2017-03-20 11:19:25 UTC
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

Comment 1 kuzetsa CatSwarm (kuza for short) 2017-03-20 11:22:19 UTC
Original upstream patch on the 4.11 tree (still in RC status)

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b

I haven't had the time to confirm which 4.9.x / 4.10.x versions are still vulnerable (as well as older kernels with longterm branches) but for sys-kernel/ck-sources I'm planning to identify and remove older versions which still contain this flaw.

Comment 2 dwfreed 2017-03-20 11:49:25 UTC
(fwiw, the referenced fixing commit exists in 4.9.15 and 4.10.3)

Comment 3 kuzetsa CatSwarm (kuza for short) 2017-03-20 12:09:33 UTC
(In reply to dwfreed from comment #2)
> (fwiw, the referenced fixing commit exists in 4.9.15 and 4.10.3)

Thanks, sure enough those versions do have upstream-backported fixes for v4.9.15 and v4.10.3 respectively:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=e5b9778761558ff3d239ed76925a1a7a734918ea

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.10.y&id=72e5440223836633e2b5e658e7503d8b0e795f5d

As for decisions about other versions / branches, I'm opting to leave that to interested parties (I'm only qualified to comment on sys-kernel/ck-sources, which only has the latest branch, and latest longterm branch)

These two versions are already in the portage tree for sys-kernel/ck-sources so I'll drop the (vulnerable) older versions when I have a minute.

Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2017-03-24 06:26:20 UTC
Even though security does not track kernel vulnerabilities, assigning CVE for compliance.

Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 22:59:17 UTC
Fixed in 4.9.15, 4.11