Skip to main content

7 year old Linux Kernel Vulnerability get patched

Common Vulnerabilities and Exposures ,CVE-2017-2636 gets patch.

 Way back at 2009  a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu has been affected with condition issue in the N_HLDC Linux kernel driver – which is responsible for dealing with High-Level Data Link Control (HDLC) data – that leads to double-free vulnerability.


Double Free” is one of the most common memory corruption bug that occurs when the application releases same memory location twice by calling the free() function on the same allocated memory.An unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code in the security context of currently logged in user.


Positive Technologies researcher Alexander Popov discovered a race condition issue in the N_HLDC Linux kernel driver – which is responsible for dealing with High-Level Data Link Control (HDLC) data – that leads to double-free vulnerability.


Since the flaw dates back to June 2009, Linux enterprise servers and devices have been vulnerable for a long time, but according to Positive Technologies, it is hard to say whether this vulnerability has actively been exploited.

The researcher detected the vulnerability during system calls testing with the syzkaller fuzzer, which is a security code auditing software developed by Google.

users are encouraged to install the latest security updates as soon as possible, but if unable to apply the patch, the researcher advised blocking the flawed module (n_hdlc) manually to safeguard enterprise as well as home use of the operating system.

Popular posts from this blog

The possibility of quantum computing breaking encryption algorithms

The possibility of breaking encryption algorithms is a powerful motivating factor for many countries of the world. Thus, knowledge of the enemy's encryption systems could give a huge advantage in intelligence, while at the same time contributing to the conduct of new fundamental research in the field of physics, since modern experimental systems have at their disposal only less than 100 qubits.    To achieve the useful computing performance of a supercomputer, we probably need machines with hundreds of thousands of qubits. In order for the devices to function correctly, they must correct all minor random errors in the software. In a quantum computer, such errors arise due to imperfect elements of the circuit and the interaction of qubits with their environment. For these reasons, qubits can lose coherence in literally a split second. A quantum computer with 100 qubits can simultaneously represent 2100 solutions. For some tasks, this exponential parallelism can be used to create a h

How to install cloudflare wrap on linux

 command mode dumb......expert user edition   millen@TechGlyphs-Studio:~/Desktop$ wrap-cli wrap-cli: command not found millen@TechGlyphs-Studio:~/Desktop$ curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg Command 'curl' not found, but can be installed with: sudo snap install curl  # version 7.86.0, or sudo apt  install curl  # version 7.81.0-1ubuntu1.6 See 'snap info curl' for additional versions. [sudo] password for millen:  gpg: no valid OpenPGP data found. millen@TechGlyphs-Studio:~/Desktop$ sudo apt  install curl Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required:   chromium-codecs-ffmpeg-extra gstreamer1.0-vaapi libflashrom1 libftdi1-2   libgstreamer-plugins-bad1.0-0 Use 'sudo apt autoremove' to remove them. The following NEW packages will be in

Simple steps to protect your privacy.

  Step 1. Download DuckDuckGo on all your devices With just one download you'll get tracker blocking, private searching, increased encrypting, and privacy grading on all of your browsing. Our mobile app for iOS/Android (DuckDuckGo Privacy Browser) and browser extensions for Firefox, Chrome, and Safari (DuckDuckGo Privacy Essentials) has all of this in one seamless package. Privacy, simplified. Step 2. Update your software Your device operating systems get out-of-date over time, and old software can contain security bugs or settings that leak personal data. Set your devices (and the apps on them) them to update automatically. That way you'll always have the latest, safest versions. Step 3. Update your privacy settings Make sure your devices are using the best privacy settings. Here are step-by-step instructions for all the major device types. Especially make sure you adjust per-app location settings, so that your location history isn’t leaking where it shouldn’t. For extra bonus