[kernel-sec-discuss] r5055 - dsa-texts
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Mar 8 09:23:30 UTC 2017
Author: carnil
Date: 2017-03-08 09:23:30 +0000 (Wed, 08 Mar 2017)
New Revision: 5055
Modified:
dsa-texts/3.16.39-1+deb8u2
Log:
Add description for CVE-2017-2636
Modified: dsa-texts/3.16.39-1+deb8u2
===================================================================
--- dsa-texts/3.16.39-1+deb8u2 2017-03-08 09:19:21 UTC (rev 5054)
+++ dsa-texts/3.16.39-1+deb8u2 2017-03-08 09:23:30 UTC (rev 5055)
@@ -9,6 +9,14 @@
CVE-2016-9588
CVE-2017-2636
+
+ Alexander Popov discovered a race condition flaw in the N_HLDC when
+ accessing n_hdlc.tbuf that can lead to double free. A local,
+ unprivileged user can take advantage of this flaw for privilege
+ escalation. On systems that do not already have the n_hdlc module
+ loaded, this can be mitigated by disabling it:
+ echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false
+
CVE-2017-5669
CVE-2017-5986
CVE-2017-6214
More information about the kernel-sec-discuss
mailing list