'Dangerous' 7-year-old Linux Kernel vulnerability discovered

'Dangerous' 7-year-old Linux Kernel vulnerability discovered

Users are encouraged to install the latest security updates or block the flawed module manually to safeguard enterprise and home use of the OS.

Positive Technologies security researcher Alexander Popov, has found and fixed a vulnerability (CVE-2017-2636) in the Linux kernel that allowed local users to gain privilege escalation or cause a denial of service attack.

This issue affects the majority of popular Linux distributions including RHEL 6/7,Fedora, SUSE, Debian, and Ubuntu.

The researcher found a race condition in the n_hdlc driver that leads to double-freeing of kernel memory, which can be exploited for privilege escalation in the operating system. The bug was evaluated as dangerous with a CVSS v3 score of 7.8.

"The vulnerability is old, so it is widespread across Linux workstations and servers,” notes Alexander Popov. “To automatically load the flawed module, an attacker needs only unprivileged user rights. Additionally, the exploit doesn't require any special hardware.”

The discovered flaw was introduced on 22,June 2009. It was revealed during system calls testing with the syzkaller fuzzer. On 28 February, 2017, the researcher reported the vulnerability to kernel.org and attached the patch to fix it and the exploit prototype.

On 7 March the CVE-2017-2636 vulnerability was disclosed, and the security updates were published. The bug can also be mitigated manually with special rules that block kernel modules from loading.

This article originally appeared at scmagazineuk.com

Source: Copyright © SC Magazine, UK edition

See more about:  kernel  |  linux  |  vulnerability
 
 

Readers of this article also read...

Pickpockets and hackers, the latest cyber-crime marriage 

Pickpockets and hackers, the latest cyber-crime marriage

 
Review: TI Power 7700K desktop PC 

Review: TI Power 7700K desktop PC

 
Payday for BlackBerry as Qualcomm loses patent case 

Payday for BlackBerry as Qualcomm loses patent case

 
Zero-day bug in Word could allow hackers to take over your PC 

Zero-day bug in Word could allow hackers to take over your PC

 
Get the Windows 10 Creators Update right now 

Get the Windows 10 Creators Update right now

 

Latest Comments

Latest Competitions

WIN!!! A D-Link Omna security cam! 

WIN!!! A D-Link Omna security cam!

Watch your home from anywhere!
 

From our Partners

PC & Tech Authority Downloads