PT-2017-2785 · Linux+5 · Linux Kernel+5

Tong Lin

+2

·

Published

2017-02-10

·

Updated

2025-09-29

·

CVE-2017-10661

CVSS v2.0

7.6

High

VectorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.10.15
Description The issue is related to a race condition in the fs/timerfd.c component of the Linux kernel, which can be exploited by local users through simultaneous file-descriptor operations. This can lead to privilege escalation or a denial of service, resulting in list corruption or use-after-free. The vulnerability is associated with improper might cancel queueing.
Recommendations For Linux kernel versions prior to 4.10.15, update to version 4.10.15 or later to resolve the issue. As a temporary workaround, consider restricting simultaneous file-descriptor operations to minimize the risk of exploitation.

Exploit

Fix

DoS

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALSA-2025_16880
ALT-PU-2017-1601
ALT-PU-2018-1991
BDU:2017-02044
CESA-2018_3083
CVE-2017-10661
DLA-1099-1
DSA-3981-1
ELSA-2017-3636
ELSA-2017-3637
ELSA-2018-3083
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018_3083
RHSA-2018_3096
RHSA-2019:4057
RHSA-2019:4058
RHSA-2020:0036
SUSE-SU-2017:2525-1
SUSE-SU-2017:2694-1
SUSE-SU-2017:2908-1
SUSE-SU-2017:2920-1
SUSE-SU-2017:3265-1
SUSE-SU-2017:3286-1
SUSE-SU-2017:3287-1
SUSE-SU-2017:3288-1
SUSE-SU-2017:3289-1
SUSE-SU-2017:3290-1
SUSE-SU-2017:3291-1
SUSE-SU-2017:3292-1
SUSE-SU-2017:3293-1
SUSE-SU-2017:3296-1
SUSE-SU-2017:3299-1
SUSE-SU-2017:3301-1
SUSE-SU-2017:3302-1
SUSE-SU-2017:3303-1
SUSE-SU-2017:3304-1
SUSE-SU-2017:3305-1
SUSE-SU-2017:3306-1
SUSE-SU-2017:3308-1
SUSE-SU-2017:3309-1
SUSE-SU-2017:3310-1
SUSE-SU-2017:3312-1
SUSE-SU-2017:3313-1
SUSE-SU-2017:3316-1
SUSE-SU-2017:3318-1
SUSE-SU-2017:3320-1
SUSE-SU-2017:3321-1
SUSE-SU-2017:3322-1
SUSE-SU-2017:3323-1
SUSE-SU-2017:3332-1
SUSE-SU-2017:3336-1
SUSE-SU-2017:3337-1
SUSE-SU-2017:3340-1
SUSE-SU-2017_2525-1
SUSE-SU-2017_2908-1
SUSE-SU-2017_2920-1
SUSE-SU-2017_3265-1
SUSE-SU-2017_3287-1
SUSE-SU-2017_3289-1
SUSE-SU-2017_3293-1
SUSE-SU-2017_3299-1
SUSE-SU-2017_3301-1
SUSE-SU-2017_3302-1
SUSE-SU-2017_3303-1
SUSE-SU-2017_3304-1
SUSE-SU-2017_3305-1
SUSE-SU-2017_3308-1
SUSE-SU-2017_3309-1
SUSE-SU-2017_3312-1
SUSE-SU-2017_3313-1
SUSE-SU-2017_3316-1
SUSE-SU-2017_3318-1
SUSE-SU-2017_3320-1
SUSE-SU-2017_3321-1
SUSE-SU-2017_3322-1
SUSE-SU-2017_3323-1
SUSE-SU-2017_3332-1
SUSE-SU-2017_3336-1
SUSE-SU-2017_3337-1
SUSE-SU-2017_3340-1
USN-3470-1
USN-3470-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu