PT-2017-2409 · Linux+3 · Linux Kernel+3

Published

2017-06-18

Updated

2023-01-17

CVE-2017-1000379

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel version 4.11.5

Description The issue is related to insufficient access control in the Linux kernel, which can be exploited by a local attacker to manipulate stack data. On AMD64 systems, the Linux Kernel may map the contents of PIE executable, the heap, or ld.so to the stack's location, making it easier for attackers to manipulate the stack.

Recommendations For Linux Kernel version 4.11.5, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2017-1781

ALT-PU-2017-1854

BDU:2017-01612

CESA-2017_1484

CESA-2017_1486

CESA-2017_1842

CVE-2017-1000379

RHSA-2017:1482

RHSA-2017:1484

RHSA-2017:1485

RHSA-2017:1486

RHSA-2017:1487

RHSA-2017:1488

RHSA-2017:1489

RHSA-2017:1490

RHSA-2017:1491

RHSA-2017:1616

RHSA-2017:1647

RHSA-2017:1842

RHSA-2017_1482

RHSA-2017_1484

RHSA-2017_1486

RHSA-2017_1616

RHSA-2017_1842

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

PT-2017-2409 · Linux+3 · Linux Kernel+3

CVE-2017-1000379

Weakness Enumeration

Related Identifiers

Affected Products

References · 31