Home > Vulnerability Database > CVE-2017-1000253

Mend.io Vulnerability Database

CVE-2017-1000253

Good to know:

Date: October 3, 2017

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.

Language: C

Severity Score

7.8

Related Resources (18)

Url: https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

Url: https://access.redhat.com/errata/RHSA-2017:2793

Url: http://www.securityfocus.com/bid/101010

Url: https://access.redhat.com/errata/RHSA-2017:2795

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000253

Url: https://access.redhat.com/errata/RHSA-2017:2794

Url: https://access.redhat.com/errata/RHSA-2017:2797

Url: https://access.redhat.com/errata/RHSA-2017:2796

Url: https://access.redhat.com/errata/RHSA-2017:2799

Url: https://access.redhat.com/errata/RHSA-2017:2798

Url: https://access.redhat.com/errata/RHSA-2017:2801

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-1000253

Url: https://access.redhat.com/errata/RHSA-2017:2800

Url: http://www.securitytracker.com/id/1039434

Url: https://access.redhat.com/errata/RHSA-2017:2802

Url: https://access.redhat.com/security/cve/CVE-2017-1000253

Url: https://security-tracker.debian.org/tracker/CVE-2017-1000253

Url: https://www.mend.io/vulnerability-database/CVE-2017-1000253

Severity Score

7.8

Weakness Type (CWE)

Buffer Errors

CWE-119

Top Fix

Upgrade Version

Upgrade to version v4.1-rc1,v3.12.43,v3.14.41,v3.16.35,v3.18.14,v3.2.70

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-1000253

Good to know:

Date: October 3, 2017

Language: C

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?