Published on: 17 March 2017
A local privilege escalation vulnerability is found in the Linux kernel 4.10.1 and earlier versions. The vulnerability is caused by a race condition flaw in the kernel driver. A local attacker may leverage this vulnerability in the affected systems to gain root privileges.
Successful exploitation could lead to denial of service, elevation of privilege or compromise of a vulnerable system.
The vulnerability is fixed in some of the Linux distributions. Linux system administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of patches, and if so, upgrade to the fixed versions or follow the recommendations provided by the product vendors to mitigate the risk.
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.3
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2636
https://www.ubuntu.com/usn/usn-3220-3/
https://www.debian.org/security/2017/dsa-3804.en.html
https://access.redhat.com/security/cve/cve-2017-2636