Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
Original upstream patch on the 4.11 tree (still in RC status):
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b
I haven't had the time to confirm which 4.9.x / 4.10.x versions are still vulnerable (as well as older kernels with longterm branches) but for sys-kernel/ck-sources I'm planning to identify and remove older versions which still contain this flaw.
(fwiw, the referenced fixing commit exists in 4.9.15 and 4.10.3)
(In reply to dwfreed from comment #2)
> (fwiw, the referenced fixing commit exists in 4.9.15 and 4.10.3)
Thanks, sure enough those versions do have upstream-backported fixes for v4.9.15 and v4.10.3 respectively:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=e5b9778761558ff3d239ed76925a1a7a734918ea
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.10.y&id=72e5440223836633e2b5e658e7503d8b0e795f5d
As for decisions about other versions / branches, I'm opting to leave that to interested parties (I'm only qualified to comment on sys-kernel/ck-sources, which only has the latest branch, and latest longterm branch)
These two versions are already in the portage tree for sys-kernel/ck-sources so I'll drop the (vulnerable) older versions when I have a minute.
Even though security does not track kernel vulnerabilities, assigning CVE for compliance.
Fixed in 4.9.15, 4.11
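The fix versions named in this thread (4.9.15, 4.10.3, 4.11) can be turned into a check for triaging installed or packaged kernels. This is an added example, not part of the bug report; the helper name `n_hdlc_fix_status` and its three labels are assumptions, and branches the thread does not cover are reported as `unknown` rather than guessed.

```shell
#!/bin/sh
# Added example, not from the bug report. Thresholds are the fix versions
# named in the thread: 4.9.15, 4.10.3 and 4.11.

# n_hdlc_fix_status RELEASE  (hypothetical helper)
# Prints: fixed | missing-fix | unknown
n_hdlc_fix_status() {
    rel=$1
    # The thread does not say which 4.11 release candidate first carried the commit.
    case $rel in
        4.11-rc*|4.11.0-rc*) echo unknown; return 0 ;;
    esac
    ver=${rel%%-*}                      # drop suffixes such as -ck1 or -gentoo
    case $ver in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # not a dotted numeric version
        *.*) ;;
        *) echo unknown; return 0 ;;              # no minor number
    esac
    major=$(echo "$ver" | cut -d. -f1)
    minor=$(echo "$ver" | cut -d. -f2)
    patch=$(echo "$ver" | cut -d. -f3)
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    # Releases after 4.x descend from mainline 4.11 and carry the commit.
    if [ "$major" -gt 4 ]; then echo fixed; return 0; fi
    # Pre-4.x branches are not discussed in the thread.
    if [ "$major" -lt 4 ]; then echo unknown; return 0; fi
    if [ "$minor" -ge 11 ]; then echo fixed; return 0; fi
    case $minor in
        10) floor=3 ;;                  # backport landed in 4.10.3
        9)  floor=15 ;;                 # backport landed in 4.9.15
        *)  echo unknown; return 0 ;;   # other 4.x branches: not confirmed here
    esac
    if [ "$patch" -ge "$floor" ]; then echo fixed; else echo missing-fix; fi
}

# Classify the releases given as arguments, or the running kernel if none.
[ $# -gt 0 ] || set -- "$(uname -r)"
for rel in "$@"; do
    printf '%s\t%s\n' "$rel" "$(n_hdlc_fix_status "$rel")"
done
```

A result of `fixed` only reflects the upstream version number; a distribution kernel with an older number may carry the patch as a backport.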