CVE-2017-1000253

HIGH · CVSS 3.1: 7.8 · CISA KEV · EPSS 95.3%
Published Oct 5, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Sep 9, 2024 1y ago
KEV Due Sep 30, 2024 643d overdue

Description

Affects Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary, which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the area that is supposed to be the "gap" between the stack and the binary.
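The layout problem described above, as an added example (a simplified user-space model, not kernel code and not taken from the advisory). The segment values, `SAMPLE_MMAP_BASE` and all function names are constructed for illustration; the page does not describe the fix, so reserving the whole PT_LOAD span for the first mapping (`reserve_total`) is an assumption about how the referenced commit closes the hole.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL
#define PAGE_START(a) ((a) & ~(PAGE_SIZE - 1))
#define PAGE_ALIGN(a) (((a) + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))

struct pt_load { uint64_t vaddr, memsz; };  /* simplified PT_LOAD entry */

/* Constructed sample: a small PIE with text at 0 and data ~2 MiB higher. */
static const struct pt_load sample_pie[] = { {0x0, 0xa3c}, {0x200de8, 0x248} };
static const uint64_t SAMPLE_MMAP_BASE = 0x7ffff7fff000ULL;  /* constructed */

/* Page-aligned span from the first segment's start to the last one's end.
 * Segments must be sorted by vaddr, as PT_LOAD entries are in an ELF file. */
static uint64_t span(const struct pt_load *s, size_t first, size_t last)
{
    return PAGE_ALIGN(s[last].vaddr + s[last].memsz) - PAGE_START(s[first].vaddr);
}

/* Top-down placement model: the allocator puts the first mapping directly
 * below mmap_base, sized either for segment 0 only (reserve_total == 0, the
 * behaviour the description reports) or for the whole image (assumed fix).
 * Later segments go at fixed offsets from it. Returns bytes above mmap_base. */
uint64_t bytes_above_base(uint64_t mmap_base, const struct pt_load *s,
                          size_t n, int reserve_total)
{
    uint64_t reserve = span(s, 0, reserve_total ? n - 1 : 0);
    uint64_t load_bias = mmap_base - reserve - PAGE_START(s[0].vaddr);
    uint64_t above = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t start = load_bias + PAGE_START(s[i].vaddr);
        uint64_t end = load_bias + PAGE_ALIGN(s[i].vaddr + s[i].memsz);
        if (end > mmap_base)
            above += end - (start > mmap_base ? start : mmap_base);
    }
    return above;
}

int main(void)
{
    printf("first segment only: %llu bytes above mmap_base\n", (unsigned long long)
           bytes_above_base(SAMPLE_MMAP_BASE, sample_pie, 2, 0));
    printf("whole image reserved: %llu bytes above mmap_base\n", (unsigned long long)
           bytes_above_base(SAMPLE_MMAP_BASE, sample_pie, 2, 1));
    return 0;
}
```

With only the first segment reserved, the second segment's two pages land above `mmap_base`; with the whole span reserved, the image ends exactly at `mmap_base` and nothing spills into the gap.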

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

CISA Known Exploited: Overdue 643d
Added: Sep 9, 2024
Due: Sep 30, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability: 95.3% percentile
Exploit & Patch Status: Actively Exploited (KEV), Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 37

Vendor   Product            Version   Range
centos   centos             6.0       any
centos   centos             6.1       any
centos   centos             6.2       any
centos   centos             6.3       any
centos   centos             6.4       any
centos   centos             6.5       any
centos   centos             6.6       any
centos   centos             6.7       any
centos   centos             6.8       any
centos   centos             6.9       any
centos   centos             7.1406    any
centos   centos             7.1503    any
centos   centos             7.1511    any
centos   centos             7.1611    any
redhat   enterprise_linux   6.0       any
redhat   enterprise_linux   6.1       any
redhat   enterprise_linux   6.2       any
redhat   enterprise_linux   6.3       any
redhat   enterprise_linux   6.4       any
redhat   enterprise_linux   6.5       any
redhat   enterprise_linux   6.6       any
redhat   enterprise_linux   6.7       any
redhat   enterprise_linux   6.8       any
redhat   enterprise_linux   6.9       any
redhat   enterprise_linux   7.0       any
redhat   enterprise_linux   7.1       any
redhat   enterprise_linux   7.2       any
redhat   enterprise_linux   7.3       any
linux    linux_kernel       *         ≥2.6.25 – <3.2.70
linux    linux_kernel       *         ≥3.3 – <3.4.109
linux    linux_kernel       *         ≥3.5 – <3.10.77
linux    linux_kernel       *         ≥3.11 – <3.12.43
linux    linux_kernel       *         ≥3.13 – <3.14.41
linux    linux_kernel       *         ≥3.15 – <3.16.35
linux    linux_kernel       *         ≥3.17 – <3.18.14
linux    linux_kernel       *         ≥3.19 – <3.19.7
linux    linux_kernel       *         ≥4.0 – <4.0.2

References 14

  • securityfocus.com http://www.securityfocus.com/bid/101010
    Third Party Advisory, VDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1039434
    Third Party Advisory, VDB Entry
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2793
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2794
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2795
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2796
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2797
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2798
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2799
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2800
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2801
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2802
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-1000253
    US Government Resource
  • qualys.com https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
    Patch, Third Party Advisory

Remediation

  • qualys.com https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
    Patch, Third Party Advisory