CVE-2017-2636 : local kernel privilege escalation

Comments

As I am using Red Hat Insights to regularly check my systems for reliability and stability reasons, I received a notification today that there is a vulnerability affecting the Linux kernel's implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. I followed the instructions for a workaround until an updated kernel with the final fix gets released :

su
echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf
reboot

Once executed sudo /usr/bin/redhat-access-insights manually after the restart of the system, the security warning is not reported any more - which is the indication that the security issue was solved successfully. I am sharing this firstly in order to inform other users about this vulnerability and secondly to show how useful Red Hat Insights is and why I recommend to use it.

Reference :

https://access.redhat.com/insights/actions/critical
https://access.redhat.com/security/cve/cve-2017-2636
https://access.redhat.com/security/vulnerabilities/CVE-2017-2636

Started 2017-03-09T17:03:51+00:00 by

Christian Labisch

Community Leader Guru 35650 points

Select Your Language

CVE-2017-2636 : local kernel privilege escalation

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links