The Complete Magazine on Open Source

Russian developer finds an 8-year-old security hole in Linux kernel


A Russian developer has found a serious bug in the Linux kernel that has been present since June 2009. The race condition flaw lies in the n_hdlc modem driver.

Alexander Popov, who works at Russia’s Positive Technologies as a Linux developer, has found that the race condition within the kernel can expose the security credentials and let a local, unprivileged user escalate privileges. Alongside reporting the issue, Popov released a fix to help millions of Linux users.

“This is an announcement of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). It can be exploited to gain a local privilege escalation,” writes Popov in a mailing list announcement.

Apart from gaining a local privilege escalation, attackers can achieve higher privileges on a vulnerable system to cause a DDoS attack. Exploiting this security hole is comparatively easy. Further, attackers can reportedly exploit this loophole without any specialised hardware or peripherals.

Affects even the latest version

The vulnerability has been spotted even in Linux kernel 4.10.1, which belongs to the latest series.

The bug is rated 7.8 under the Common Vulnerability Scoring System (CVSS). Therefore, it is recommended to install the patch as soon as possible.

Canonical has already released patches for all the Ubuntu versions. SUSE is also reportedly working on the patch.

If your distribution has not received the security patch yet, you can protect your system by completely blocking the module. You simply need to modify your system-wide modprobe rules, for example by running the following command as root to work around the bug:

# echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf
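One way to confirm that the workaround above took effect, as an added example that is not from the article or from Popov's announcement. The function names are hypothetical, and the check reads only the one modprobe.d directory it is given, while modprobe also reads other configuration directories.

```shell
#!/bin/sh
# Added example: audit the n_hdlc workaround. Paths are parameters so the
# checks can run against fixtures; the defaults are the usual locations.

# Print "yes" if a *.conf file in the directory maps "install n_hdlc" to
# /bin/true or /bin/false (modprobe treats "-" and "_" alike), else "no".
n_hdlc_install_blocked() {
    dir=${1:-/etc/modprobe.d}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Anchored at line start, so commented-out rules do not count.
        if grep -Eq '^[[:space:]]*install[[:space:]]+n[_-]hdlc[[:space:]]+/bin/(true|false)([[:space:]]|$)' "$f"; then
            echo yes
            return 0
        fi
    done
    echo no
}

# Print "yes" if n_hdlc is listed in a /proc/modules-format file.
n_hdlc_loaded() {
    modules=${1:-/proc/modules}
    if [ -r "$modules" ] && grep -q '^n_hdlc ' "$modules"; then
        echo yes
    else
        echo no
    fi
}

# Combine both checks into one verdict line.
n_hdlc_audit() {
    blocked=$(n_hdlc_install_blocked "${1:-}")
    loaded=$(n_hdlc_loaded "${2:-}")
    if [ "$loaded" = yes ]; then
        echo "LOADED: n_hdlc is resident; the install rule does not unload it"
    elif [ "$blocked" = yes ]; then
        echo "BLOCKED: install rule present and n_hdlc not loaded"
    else
        echo "EXPOSED: no install rule for n_hdlc found in this directory"
    fi
}

n_hdlc_audit "$@"
```

A LOADED verdict means the module was already in memory before the rule was written, so it has to be removed (or the machine rebooted) for the rule to matter.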