CVE-2017-10661
Linux kernel < 4.10.15 - Race Condition Privilege Escalation
Severity Score
7.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
Una condición de carrera en fs/timerfd.c en el kernel Linux en versiones anteriores a la 4.10.15 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (corrupción de lista o use-after-free) mediante operaciones simultáneas de descriptor de archivo que aprovechan la cola inadecuada might_cancel.
A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-06-28 CVE Reserved
- 2017-08-19 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-08-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-416: Use After Free
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100215 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/43345 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3981 | 2024-03-14 | |
| http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15 | 2024-03-14 | |
| https://access.redhat.com/errata/RHSA-2018:3083 | 2024-03-14 | |
| https://access.redhat.com/errata/RHSA-2018:3096 | 2024-03-14 | |
| https://access.redhat.com/errata/RHSA-2019:4057 | 2024-03-14 | |
| https://access.redhat.com/errata/RHSA-2019:4058 | 2024-03-14 | |
| https://access.redhat.com/errata/RHSA-2020:0036 | 2024-03-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1481136 | 2020-01-07 | |
| https://access.redhat.com/security/cve/CVE-2017-10661 | 2020-01-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.2.92 Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.92" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.16.47 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.16.47" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.52 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.52" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.41 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.41" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.67 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.67" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.27 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.27" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.10.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.10.15" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Aus Search vendor "Redhat" for product "Enterprise Linux Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Aus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "7.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||