CVE-2017-2636
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
07/03/2017
Last modified:
20/04/2025
Description
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH
Base Score 2.0
6.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.31 (including) | 3.2.87 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.3 (including) | 3.10.106 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.11 (including) | 3.12.72 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.13 (including) | 3.16.42 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.17 (including) | 3.18.49 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.19 (including) | 4.1.49 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.2 (including) | 4.4.54 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.5 (including) | 4.9.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.10.3 (excluding) |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.debian.org/security/2017/dsa-3804
- http://www.openwall.com/lists/oss-security/2017/03/07/6
- http://www.securityfocus.com/bid/96732
- http://www.securitytracker.com/id/1037963
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
- https://access.redhat.com/errata/RHSA-2017:0892
- https://access.redhat.com/errata/RHSA-2017:0931
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:0933
- https://access.redhat.com/errata/RHSA-2017:0986
- https://access.redhat.com/errata/RHSA-2017:1125
- https://access.redhat.com/errata/RHSA-2017:1126
- https://access.redhat.com/errata/RHSA-2017:1232
- https://access.redhat.com/errata/RHSA-2017:1233
- https://access.redhat.com/errata/RHSA-2017:1488
- https://bugzilla.redhat.com/show_bug.cgi?id=1428319
- http://www.debian.org/security/2017/dsa-3804
- http://www.openwall.com/lists/oss-security/2017/03/07/6
- http://www.securityfocus.com/bid/96732
- http://www.securitytracker.com/id/1037963
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
- https://access.redhat.com/errata/RHSA-2017:0892
- https://access.redhat.com/errata/RHSA-2017:0931
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:0933
- https://access.redhat.com/errata/RHSA-2017:0986
- https://access.redhat.com/errata/RHSA-2017:1125
- https://access.redhat.com/errata/RHSA-2017:1126
- https://access.redhat.com/errata/RHSA-2017:1232
- https://access.redhat.com/errata/RHSA-2017:1233
- https://access.redhat.com/errata/RHSA-2017:1488
- https://bugzilla.redhat.com/show_bug.cgi?id=1428319