The Linux team has patched a “dangerous” vulnerability in the Linux kernel that allowed attackers to elevate their access rights and crash affected systems.
The security issue, tracked as CVE-2017-2636, existed in the Linux kernel for the past seven years, after being introduced in the code in 2009.
This is the fourth “years-old” security flaw discovered in the Linux kernel after similar flaws came to light last fall and winter.
Bug affected Linux HDLC driver
According to Alexander Popov, Linux engineer for Positive Technologies, CVE-2017-2636 affects n_hdlc driver, responsible for dealing with High-Level Data Link Control (HDLC) data, one of the lesser known protocols that makes the Internet go.
Popov says the n_hdlc driver was affected by a double-freeing of kernel memory, a type of security bug that occurs when an application frees the same memory address twice, which in some cases can lead to memory errors that could be exploited by attackers.
The bug received a vulnerability severity score of 7.8 out of 10, being categorized as “dangerous,” because it allowed attackers an easy avenue to gain root privileges on affected machines.
Bug’s age means it’s very widespread
“The vulnerability is old, so it is widespread across Linux workstations and servers,” Popov explains. “To automatically load the flawed module, an attacker needs only unprivileged user rights. Additionally, the exploit doesn’t require any special hardware.
” The researcher says the vulnerability affects a large number of Linux distros, such as RHEL 6/7, Fedora, SUSE, Debian, and Ubuntu.
If users can’t apply the latest patch, Popov recommends blocking the vulnerable n_hdlc from loading via a system-wide modprobe rule in /etc/modprobe.d/.
Similar flaw discovered and patched in February
Popov said he discovered this flaw using syzkaller, a security code auditing tool created by Google.
Researchers also used syzkaller to discover CVE-2017-6074, another double-free vulnerability that affected the Linux kernel, introduced eleven years ago, in 2005, and patched in February 2017.
Other years-old security flaws recently patched include CVE-2016-8655, a security flaw introduced in 2011 that allowed attackers to gain root privileges, and the Dirty COW zero-day, CVE-2016-5195, introduced in 2007 and patched last fall, which was used in live attacks before receiving a patch.