Add description for CVE-2017-2636

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5055 e094ebfe-e918-0410-adfb-c712417f3574
author: Salvatore Bonaccorso <carnil@debian.org> 2017-03-08 09:23:30 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2017-03-08 09:23:30 +0000
commit: 27a74318e1e0861b7f0625a03e68ae17d77cb80f (patch)
tree: 23744e7396dcf41d8e582a85baf9fc9f255d062a /dsa-texts/3.16.39-1+deb8u2
parent: 492024efbad253f7f186d6f71af729a7e90510c4 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/dsa-texts/3.16.39-1+deb8u2 b/dsa-texts/3.16.39-1+deb8u2
index bd7fda34..1280e271 100644
--- a/dsa-texts/3.16.39-1+deb8u2
+++ b/dsa-texts/3.16.39-1+deb8u2
@@ -9,6 +9,14 @@ impacts.
 
 CVE-2016-9588
 CVE-2017-2636
+
+    Alexander Popov discovered a race condition flaw in the N_HLDC when
+    accessing n_hdlc.tbuf that can lead to double free. A local,
+    unprivileged user can take advantage of this flaw for privilege
+    escalation. On systems that do not already have the n_hdlc module
+    loaded, this can be mitigated by disabling it:
+    echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false
+
 CVE-2017-5669
 CVE-2017-5986
 CVE-2017-6214
author	Salvatore Bonaccorso <carnil@debian.org>	2017-03-08 09:23:30 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2017-03-08 09:23:30 +0000
commit	27a74318e1e0861b7f0625a03e68ae17d77cb80f (patch)
tree	23744e7396dcf41d8e582a85baf9fc9f255d062a /dsa-texts/3.16.39-1+deb8u2
parent	492024efbad253f7f186d6f71af729a7e90510c4 (diff)