Vulnerability discovered in Linux HDLC driver

This is Yamada from the Systems Department

A vulnerability in the Linux kernel, announced on March 7th, was caused by a very old component.
(Primary source:
CVE-2017-2636)

A race condition in the `n_hdlc.c` driver in the Linux kernel through version 4.10.1 allows local users to gain privileges or causes a denial of service (double free) by setting the HDLC line discipline

HDLC (High-Level Data Link Control) is a communication technology used for point-to-multipoint communication, similar to modems and ISDN, which are rarely seen these days. *Beep beep beep*. The screen is Windows.

It's not that you don't need to worry because you're not using a modem driver; please see this page.

The n_hdlc kernel module will be automatically loaded when an application attempts to use the HDLC line discipline from userspace .

So it seems like you need to be careful

This page provides solutions

​# echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf

They have posted a solution to prevent the n_hdlc module from being loaded by restarting the computer as follows

applies to Red Hat Enterprise Linux 6, 7, and Red Hat Enterprise MRG 2, so
be sure to check for updates to these patches.

Now, if you're a Beyond MSP user, we handle everything from checking for security vulnerabilities to addressing them. If
you're exhausted from dealing with the constant stream of vulnerability updates,contact us hereand you'll have an easier time!