PT-2017-3586 · Linux+3 · Linux Kernel+3

Published

2017-10-03

Updated

2024-02-05

CVE-2017-15126

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.6

Description: A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd ctx put(). This flaw may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Linux kernel versions prior to 4.13.6, update to version 4.13.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the userfaultfd ctx put() function until a patch is available.

Fix

Buffer Overflow

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-416

Related Identifiers

ALT-PU-2017-2434

BDU:2018-00518

CESA-2018_1062

CVE-2017-15126

RHSA-2018:0676

RHSA-2018:1062

RHSA-2018_0676

RHSA-2018_1062

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

PT-2017-3586 · Linux+3 · Linux Kernel+3

CVE-2017-15126

Weakness Enumeration

Related Identifiers

Affected Products

References · 21