CVE-2017-17053

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.12.10

Description The issue arises from the init new context function in the Linux kernel, which does not correctly handle errors from LDT table allocation when forking a new process. This allows a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. The vulnerability is specific to kernels built with CONFIG MODIFY LDT SYSCALL=y.

Recommendations For versions prior to 4.12.10, update to version 4.12.10 or later to resolve the issue. As a temporary workaround, consider disabling the init new context function or restricting the use of CONFIG MODIFY LDT SYSCALL=y until a patch is available.