CVE-2017-1000253

A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application’s data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.

Mitigation

By setting vm.legacy_va_layout to 1 we can effectively disable the exploitation of this issue by switching to the legacy mmap layout. The mmap allocations start much lower in the process address space and follow the bottom-up allocation model. As such, the initial PIE executable mapping is far from the reserved stack area and cannot interfere with the stack.

64-bit processes on Red Hat Enterprise Linux 5 are forced to use the legacy virtual address space layout regardless of the vm.legacy_va_layout value.

Note: Applications that have demands for a large linear address space (such as certain databases) may be unable to handle the legacy memory layout proposed using this mitigation. We recommend to test your systems and applications before deploying this mitigation on production systems.

Edit the /etc/sysctl.conf file as root, and add or amend:

vm.legacy_va_layout = 1  

To apply this setting, run the /sbin/sysctl -p command as the root user to reload the settings from /etc/sysctl.conf.

Verify that vm.legacy_va_layout is now set to defined value:

$ /sbin/sysctl vm.legacy_va_layout  
vm.legacy_va_layout = 1