
7-Year-Old Linux Kernel Vulnerability Gets Patched

The vulnerability, tracked in Common Vulnerabilities and Exposures as CVE-2017-2636, gets a patch.

Dating back to 2009, a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu, have been affected by a race condition issue in the N_HDLC Linux kernel driver, which is responsible for dealing with High-Level Data Link Control (HDLC) data, that leads to a double-free vulnerability.


“Double free” is one of the most common memory corruption bugs. It occurs when an application releases the same memory location twice by calling the free() function on the same allocated memory. An unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code in the security context of the currently logged-in user.


Positive Technologies researcher Alexander Popov discovered a race condition issue in the N_HDLC Linux kernel driver, which is responsible for dealing with High-Level Data Link Control (HDLC) data, that leads to a double-free vulnerability.


Since the flaw dates back to June 2009, Linux enterprise servers and devices have been vulnerable for a long time, but according to Positive Technologies, it is hard to say whether this vulnerability has actively been exploited.

The researcher detected the vulnerability while testing system calls with the syzkaller fuzzer, a security code auditing tool developed by Google.

Users are encouraged to install the latest security updates as soon as possible, but if unable to apply the patch, the researcher advised blocking the flawed module (n_hdlc) manually to safeguard enterprise as well as home use of the operating system.
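
A defensive check for the mitigation described above, as an added example that is not from the original post or from the researcher's advisory: it reports whether `n_hdlc` is currently loaded, blocked by a modprobe `install` override, or still loadable on demand. The function names, the `MODULES_FILE` and `MODPROBE_DIRS` variables, and the choice of an `install n_hdlc /bin/true` rule as the blocking form are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit whether the n_hdlc module is loaded or blocked.
# MODULES_FILE and MODPROBE_DIRS are hypothetical overrides (assumptions of
# this example) so the check can also be pointed at copies of the files.
MODULES_FILE="${MODULES_FILE:-/proc/modules}"
MODPROBE_DIRS="${MODPROBE_DIRS:-/etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d}"

# Returns 0 if n_hdlc appears in the loaded-module list.
n_hdlc_loaded() {
    [ -r "$MODULES_FILE" ] && grep -q '^n_hdlc ' "$MODULES_FILE"
}

# Returns 0 if an uncommented "install n_hdlc /bin/true" (or /bin/false)
# rule exists in any modprobe configuration directory. modprobe treats
# "-" and "_" in module names as equivalent, so both spellings are matched.
n_hdlc_blocked() {
    for dir in $MODPROBE_DIRS; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            if grep -Eq '^[[:space:]]*install[[:space:]]+n[_-]hdlc[[:space:]]+(/usr)?/bin/(true|false)([[:space:]]|$)' "$f"; then
                return 0
            fi
        done
    done
    return 1
}

# Prints LOADED (module is in the running kernel: patch, or unload it),
# BLOCKED (not loaded and an install override is in place), or
# LOADABLE (not loaded, but nothing stops it from being loaded on demand).
n_hdlc_status() {
    if n_hdlc_loaded; then
        echo "LOADED"
    elif n_hdlc_blocked; then
        echo "BLOCKED"
    else
        echo "LOADABLE"
    fi
}

n_hdlc_status
```

A `LOADED` result takes priority over a blocking rule because an `install` override only affects future load attempts, not a module already in the kernel.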
