CVE-2017-2636

HIGH

Description

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

References

http://www.debian.org/security/2017/dsa-3804

http://www.openwall.com/lists/oss-security/2017/03/07/6

http://www.securityfocus.com/bid/96732

http://www.securitytracker.com/id/1037963

https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

https://access.redhat.com/errata/RHSA-2017:0892

https://access.redhat.com/errata/RHSA-2017:0931

https://access.redhat.com/errata/RHSA-2017:0932

https://access.redhat.com/errata/RHSA-2017:0933

https://access.redhat.com/errata/RHSA-2017:0986

https://access.redhat.com/errata/RHSA-2017:1125

https://access.redhat.com/errata/RHSA-2017:1126

https://access.redhat.com/errata/RHSA-2017:1232

https://access.redhat.com/errata/RHSA-2017:1233

https://access.redhat.com/errata/RHSA-2017:1488

https://bugzilla.redhat.com/show_bug.cgi?id=1428319

Details

Source: MITRE

Published: 2017-03-07

Updated: 2018-01-05

Type: CWE-415

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (64 total)

ID	Name	Product	Family	Severity
102774	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash)	Nessus	OracleVM Local Security Checks	critical
102773	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	critical
102511	Oracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	critical
102317	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2099-1)	Nessus	SuSE Local Security Checks	high
102315	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2096-1)	Nessus	SuSE Local Security Checks	high
102314	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2095-1)	Nessus	SuSE Local Security Checks	high
102312	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2093-1)	Nessus	SuSE Local Security Checks	high
102311	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2092-1)	Nessus	SuSE Local Security Checks	high
102307	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2088-1)	Nessus	SuSE Local Security Checks	high
102254	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2073-1)	Nessus	SuSE Local Security Checks	high
102253	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2072-1)	Nessus	SuSE Local Security Checks	high
102252	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2061-1)	Nessus	SuSE Local Security Checks	high
102251	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2060-1)	Nessus	SuSE Local Security Checks	high
102219	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2049-1)	Nessus	SuSE Local Security Checks	high
101449	Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0933)	Nessus	Virtuozzo Local Security Checks	high
101443	Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0892)	Nessus	Virtuozzo Local Security Checks	high
100898	RHEL 6 : kernel (RHSA-2017:1488) (Stack Clash)	Nessus	Red Hat Local Security Checks	high
100240	RHEL 6 : kernel (RHSA-2017:1233)	Nessus	Red Hat Local Security Checks	high
100239	RHEL 6 : kernel (RHSA-2017:1232)	Nessus	Red Hat Local Security Checks	high
100238	OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)	Nessus	OracleVM Local Security Checks	critical
100235	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567)	Nessus	Oracle Linux Local Security Checks	critical
99913	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1066)	Nessus	Huawei Local Security Checks	high
99902	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1057)	Nessus	Huawei Local Security Checks	high
99684	RHEL 6 : kernel (RHSA-2017:1126)	Nessus	Red Hat Local Security Checks	high
99683	RHEL 7 : kernel (RHSA-2017:1125)	Nessus	Red Hat Local Security Checks	high
99453	RHEL 6 : kernel (RHSA-2017:0986)	Nessus	Red Hat Local Security Checks	high
99386	Oracle Linux 7 : kernel (ELSA-2017-0933-1)	Nessus	Oracle Linux Local Security Checks	high
99383	CentOS 7 : kernel (CESA-2017:0933)	Nessus	CentOS Local Security Checks	high
99351	Scientific Linux Security Update : kernel on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
99346	RHEL 7 : kernel (RHSA-2017:0933)	Nessus	Red Hat Local Security Checks	high
99345	RHEL 6 : MRG (RHSA-2017:0932)	Nessus	Red Hat Local Security Checks	high
99344	RHEL 7 : kernel-rt (RHSA-2017:0931)	Nessus	Red Hat Local Security Checks	high
99338	RHEL 6 : kernel (RHSA-2017:0892)	Nessus	Red Hat Local Security Checks	high
99333	Oracle Linux 7 : kernel (ELSA-2017-0933)	Nessus	Oracle Linux Local Security Checks	high
99316	CentOS 6 : kernel (CESA-2017:0892)	Nessus	CentOS Local Security Checks	high
99315	Virtuozzo 7 : readykernel-patch (VZA-2017-028)	Nessus	Virtuozzo Local Security Checks	high
99301	Scientific Linux Security Update : kernel on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
99298	Oracle Linux 6 : kernel (ELSA-2017-0892)	Nessus	Oracle Linux Local Security Checks	high
99181	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0913-1)	Nessus	SuSE Local Security Checks	high
99180	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0912-1)	Nessus	SuSE Local Security Checks	high
99164	OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0058)	Nessus	OracleVM Local Security Checks	high
99163	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)	Nessus	OracleVM Local Security Checks	critical
99162	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0056)	Nessus	OracleVM Local Security Checks	high
99161	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3535)	Nessus	Oracle Linux Local Security Checks	high
99160	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)	Nessus	Oracle Linux Local Security Checks	high
99159	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3533)	Nessus	Oracle Linux Local Security Checks	high
99157	openSUSE Security Update : the Linux Kernel (openSUSE-2017-419)	Nessus	SuSE Local Security Checks	high
99156	openSUSE Security Update : the Linux Kernel (openSUSE-2017-418)	Nessus	SuSE Local Security Checks	high
99092	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0866-1)	Nessus	SuSE Local Security Checks	high
99091	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0865-1)	Nessus	SuSE Local Security Checks	high
99090	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0864-1)	Nessus	SuSE Local Security Checks	high
99048	F5 Networks BIG-IP : Linux kernel vulnerability (K18015201)	Nessus	F5 Networks Local Security Checks	high
97677	Fedora 25 : kernel (2017-387ff46a66)	Nessus	Fedora Local Security Checks	high
97675	Fedora 24 : kernel (2017-2e1f3694b2)	Nessus	Fedora Local Security Checks	high
97640	Debian DLA-849-1 : linux security update	Nessus	Debian Local Security Checks	high
97633	Ubuntu 16.04 LTS : linux-aws vulnerability (USN-3220-3)	Nessus	Ubuntu Local Security Checks	high
97615	Debian DSA-3804-1 : linux - security update	Nessus	Debian Local Security Checks	high
97608	Ubuntu 16.04 LTS : linux-hwe vulnerability (USN-3221-2)	Nessus	Ubuntu Local Security Checks	high
97607	Ubuntu 16.10 : linux, linux-raspi2 vulnerability (USN-3221-1)	Nessus	Ubuntu Local Security Checks	high
97606	Ubuntu 14.04 LTS : linux-lts-xenial vulnerability (USN-3220-2)	Nessus	Ubuntu Local Security Checks	high
97605	Ubuntu 16.04 LTS : linux, linux-gke, linux-raspi2, linux-snapdragon vulnerability (USN-3220-1)	Nessus	Ubuntu Local Security Checks	high
97604	Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-3219-2)	Nessus	Ubuntu Local Security Checks	high
97603	Ubuntu 14.04 LTS : linux vulnerability (USN-3219-1)	Nessus	Ubuntu Local Security Checks	high
97602	Ubuntu 12.04 LTS : linux, linux-ti-omap4 vulnerability (USN-3218-1)	Nessus	Ubuntu Local Security Checks	high