Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-1000370
HistoryJun 19, 2017 - 12:00 a.m.

CVE-2017-1000370

2017-06-1900:00:00
ubuntu.com
ubuntu.com
31

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.7%

The offset2lib patch as used in the Linux Kernel contains a vulnerability
that allows a PIE binary to be execve()'ed with 1GB of arguments or
environmental strings then the stack occupies the address 0x80000000 and
the PIE binary is mapped above 0x40000000 nullifying the protection of the
offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier.
This is a different issue than CVE-2017-1000371. This issue appears to be
limited to i386 based systems.

Notes

Author Note
tyhicks The original offset2lib issue was not assigned a CVE and the fix is only in 15.04 (Vivid) and newer kernels.
Rows per page:
1-10 of 111

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.7%