CVE-2017-2636

HIGH

Linux Kernel < 3.2.87 - Race Condition

Title source: rule

Description

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

Exploits (1)

nomisec WRITEUP 1 stars

by alexzorin · poc

https://github.com/alexzorin/cve-2017-2636-el

View Code ZIP pw:eip

References (16)

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3804

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/03/07/6

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96732

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037963

[Third Party Advisory] https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:0892

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:0931

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:0932

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:0933

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:0986

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1125

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1126

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1232

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1233

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1488

[Issue Tracking, Mitigation, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1428319

Scores

CVSS v3 7.0

EPSS 0.0055

EPSS Percentile 67.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415 CWE-362

Status draft

Affected Products (2)

linux/linux_kernel < 3.2.87

debian/debian_linux

Timeline

Published Mar 07, 2017

Tracked Since Feb 18, 2026