Lucene search

K
redhatRedHatRHSA-2017:1483
HistoryJun 19, 2017 - 12:00 a.m.

(RHSA-2017:1483) Important: kernel security update

2017-06-1900:00:00
access.redhat.com
37

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.4%

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

  • A flaw was found in the way memory was being allocated on the stack for user
    space binaries. If heap (or different memory region) and stack memory regions
    were adjacent to each other, an attacker could use this flaw to jump over the
    stack guard gap, cause controlled memory corruption on process stack or the
    adjacent memory region, and thus increase their privileges on the system. This
    is a kernel-side mitigation which increases the stack guard gap size from one
    page to 1 MiB to make successful exploitation of this issue more difficult.
    (CVE-2017-1000364, Important)

Red Hat would like to thank Qualys Research Labs for reporting this issue.

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.4%