CVE-2017-1000370
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.
El parche offset2lib tal como es usado por el Kernel de Linux contiene una vulnerabilidad que permite que un binario PIE sea execve()'ed con 1 GB de argumentos o cadenas de entorno, entonces la pila ocupa la dirección 0x80000000 y el binario PIE se asigna por encima de 0x40000000 haciendo null la protección del parche offset2lib. Esto afecta al Kernel de Linux versión 4.11.5 y anteriores. Este es un problema diferente al CVE-2017-1000371. Este problema parece estar limitado a los sistemas basados en i386.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-19 CVE Reserved
- 2017-06-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99149 | Third Party Advisory | |
| https://access.redhat.com/security/cve/CVE-2017-1000370 | Third Party Advisory | |
| https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/42274 | 2024-08-05 | |
| https://www.exploit-db.com/exploits/42273 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3981 | 2023-01-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.1 < 4.1.43 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 4.1.43" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.78" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.39" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.11.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.11.12" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.12 < 4.12.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 4.12.3" | - |
Affected
| ||||||