By Eduard Kovacs on March 16, 2017
A researcher has identified another potentially serious Linux kernel vulnerability that has been around for several years. The flaw was addressed in the kernel more than one week ago, but some of the affected Linux distributions have yet to release patches.
The security hole was discovered using the syzkaller fuzzer by Positive Technologies expert Alexander Popov, who reported it to Linux kernel developers on February 28. The researcher said the vulnerability was introduced in June 2009.
The flaw, tracked as CVE-2017-2636, is a race condition in the n_hdlc driver that can lead to a double-free error. A local attacker with limited privileges can exploit the weakness to cause a denial-of-service (DoS) condition or escalate privileges.
Full Article
Another Old Flaw Patched in Linux Kernel
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.