CVE-2017-6001
kernel: Race condition between multiple sys_perf_event_open() calls
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
Condición de carrera en kernel/events/core.c en el kernel de Linux en versiones anteriores a 4.9.7 permite a usuarios locales obtener privilegios a través de una aplicación manipulada que hace llamadas concurrentes al sistema perf_event_open para mover un grupo de software en un contexto hardware. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-6786.
It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-15 CVE Reserved
- 2017-02-18 CVE Published
- 2024-08-05 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96264 | Third Party Advisory | |
https://source.android.com/security/bulletin/pixel/2017-11-01 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3791 | 2024-02-09 | |
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7 | 2024-02-09 | |
https://access.redhat.com/errata/RHSA-2017:1842 | 2024-02-09 | |
https://access.redhat.com/errata/RHSA-2017:2077 | 2024-02-09 | |
https://access.redhat.com/errata/RHSA-2017:2669 | 2024-02-09 | |
https://access.redhat.com/errata/RHSA-2018:1854 | 2024-02-09 | |
https://access.redhat.com/security/cve/CVE-2017-6001 | 2018-06-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.18.54 < 3.18.92 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18.54 < 3.18.92" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.0 < 4.4.65 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.4.65" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.7" | - |
Affected
|