PT-2017-10944 · Linux+2

Published: 2017-10-09 · Updated: 2018-04-11 · CVE-2017-1000255

CVSS v2.0: 6.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux versions 4.9-rc1 and later, with CONFIG_PPC_TRANSACTIONAL_MEM enabled

Description

A flaw in the Linux kernel on PowerPC hardware (Power8 or later) allows a user process to craft a signal frame and then execute a sigreturn, which triggers an exception and lets an attacker overwrite arbitrary kernel memory locations with arbitrary values. The exception handling produces an oops, and potentially a panic if panic_on_oops=1, but only after kernel memory has been overwritten.

Recommendations

For Linux versions 4.9-rc1 and later with CONFIG_PPC_TRANSACTIONAL_MEM enabled, consider disabling transactional memory (TM) support by setting CONFIG_PPC_TRANSACTIONAL_MEM to 'n' to mitigate the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2424
ALT-PU-2017-2425
CVE-2017-1000255
RHSA-2018:0654
USN-3443-1
USN-3443-2
USN-3487-1

Affected Products

Alt Linux
Linux
Ubuntu