CVE-2017-1000253

05.10.2017, 01:29

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
centos	centos	6.0
centos	centos	6.1
centos	centos	6.2
centos	centos	6.3
centos	centos	6.4
centos	centos	6.5
centos	centos	6.6
centos	centos	6.7
centos	centos	6.8
centos	centos	6.9
centos	centos	7.1406
centos	centos	7.1503
centos	centos	7.1511
centos	centos	7.1611
redhat	enterprise_linux	6.0
redhat	enterprise_linux	6.1
redhat	enterprise_linux	6.2
redhat	enterprise_linux	6.3
redhat	enterprise_linux	6.4
redhat	enterprise_linux	6.5
redhat	enterprise_linux	6.6
redhat	enterprise_linux	6.7
redhat	enterprise_linux	6.8
redhat	enterprise_linux	6.9
redhat	enterprise_linux	7.0
redhat	enterprise_linux	7.1
redhat	enterprise_linux	7.2
redhat	enterprise_linux	7.3
linux	linux_kernel	2.6.25 ≤ 𝑥 < 3.2.70
linux	linux_kernel	3.3 ≤ 𝑥 < 3.4.109
linux	linux_kernel	3.5 ≤ 𝑥 < 3.10.77
linux	linux_kernel	3.11 ≤ 𝑥 < 3.12.43
linux	linux_kernel	3.13 ≤ 𝑥 < 3.14.41
linux	linux_kernel	3.15 ≤ 𝑥 < 3.16.35
linux	linux_kernel	3.17 ≤ 𝑥 < 3.18.14
linux	linux_kernel	3.19 ≤ 𝑥 < 3.19.7
linux	linux_kernel	4.0 ≤ 𝑥 < 4.0.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
trixie	6.11.5-1 fixed
sid	6.11.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	not-affected
artful	not-affected
zesty	not-affected
xenial	not-affected
trusty	Fixed 3.13.0-57.95 released

linux-armadaxp

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-aws

bionic	not-affected
artful	dne
zesty	dne
xenial	not-affected
trusty	not-affected

linux-azure

bionic	not-affected
artful	dne
zesty	dne
xenial	not-affected
trusty	not-affected

linux-euclid

bionic	dne
artful	dne
zesty	dne
xenial	not-affected
trusty	dne

linux-flo

bionic	dne
artful	dne
zesty	dne
xenial	ignored
trusty	dne

linux-gcp

bionic	not-affected
artful	dne
zesty	dne
xenial	not-affected
trusty	dne

linux-gke

bionic	dne
artful	dne
zesty	dne
xenial	not-affected
trusty	dne

linux-goldfish

bionic	dne
artful	dne
zesty	ignored
xenial	ignored
trusty	dne

linux-grouper

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-hwe

bionic	not-affected
artful	dne
zesty	dne
xenial	not-affected
trusty	dne

linux-hwe-edge

bionic	Fixed 4.18.0-8.9~18.04.1 released
artful	dne
zesty	dne
xenial	not-affected
trusty	dne

linux-kvm

bionic	not-affected
artful	dne
zesty	dne
xenial	not-affected
trusty	dne

linux-linaro-omap

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-linaro-shared

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-linaro-vexpress

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-lts-quantal

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-lts-raring

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-lts-saucy

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-lts-trusty

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-lts-utopic

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-lts-vivid

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	ignored

linux-lts-wily

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-lts-xenial

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	not-affected

linux-maguro

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-mako

bionic	dne
artful	dne
zesty	dne
xenial	ignored
trusty	dne

linux-manta

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-oem

bionic	not-affected
artful	dne
zesty	dne
xenial	not-affected
trusty	dne

linux-qcm-msm

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

linux-raspi2

bionic	not-affected
artful	not-affected
zesty	not-affected
xenial	not-affected
trusty	dne

linux-snapdragon

bionic	not-affected
artful	not-affected
zesty	not-affected
xenial	not-affected
trusty	dne

linux-ti-omap4

bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/101010

http://www.securitytracker.com/id/1039434

https://access.redhat.com/errata/RHSA-2017:2793

https://access.redhat.com/errata/RHSA-2017:2794

https://access.redhat.com/errata/RHSA-2017:2795

https://access.redhat.com/errata/RHSA-2017:2796

https://access.redhat.com/errata/RHSA-2017:2797

https://access.redhat.com/errata/RHSA-2017:2798

https://access.redhat.com/errata/RHSA-2017:2799

https://access.redhat.com/errata/RHSA-2017:2800

https://access.redhat.com/errata/RHSA-2017:2801

https://access.redhat.com/errata/RHSA-2017:2802

https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt