cvelistv5 - CVE-2017-17053

CVE-2017-17053 (GCVE-0-2017-17053)

Vulnerability from cvelistv5

Published

2017-11-29 03:00

Modified

2024-08-05 20:43

Severity ?

CWE

Summary

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2017-17053

Vulnerability from fkie_nvd

Published

2017-11-29 03:29

Modified

2025-04-20 01:37

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/102010	Third Party Advisory, VDB Entry
cve@mitre.org	https://access.redhat.com/errata/RHSA-2018:0676	Third Party Advisory
cve@mitre.org	https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc	Patch, Third Party Advisory
cve@mitre.org	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102010	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0676	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A1EB29A-4793-4527-8D94-4736FFCD695B",
              "versionEndExcluding": "4.4.153",
              "versionStartIncluding": "4.4.144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3415528F-A245-41FE-92D4-953ACB5977FD",
              "versionEndExcluding": "4.9.46",
              "versionStartIncluding": "4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B0872-5ADF-4033-B9EE-75A0E0E3D4D0",
              "versionEndExcluding": "4.12.10",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n init_new_context en arch/x86/include/asm/mmu_context.h en el kernel de Linux en versiones anteriores a la 4.12.10 no gestiona errores de asignaci\u00f3n de tablas LDT al bifurcar un nuevo proceso. Esto permite que un atacante local logre un uso de memoria previamente liberada o que, posiblemente, tenga otro impacto sin especificar ejecutando un programa especialmente manipulado. Esta vulnerabilidad solo afecta a los kernels construidos con CONFIG_MODIFY_LDT_SYSCALL=y."
    }
  ],
  "id": "CVE-2017-17053",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-29T03:29:00.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0676"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

suse-su-2018:2413-1

Vulnerability from csaf_suse

Published

2018-08-17 14:57

Modified

2018-08-17 14:57

Summary

Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)

Description of the patch

This update for the Linux Kernel 4.4.82-6_6 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2017-17053: The init_new_context function in arch/x86/include/asm/mmu_context.h did not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y (bsc#1096679). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108).

Patchnames

SUSE-SLE-Live-Patching-12-SP3-2018-1669,SUSE-SLE-Live-Patching-12-SP3-2018-1670,SUSE-SLE-Live-Patching-12-SP3-2018-1671

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 4.4.82-6_6 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306).\n- CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn\u0027t properly validate the sigevent-\u003esigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203).\nbefore 4.14.8\n- CVE-2017-17053: The init_new_context function in arch/x86/include/asm/mmu_context.h did not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y (bsc#1096679).\n- CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) \n- CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn\u0027t propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Live-Patching-12-SP3-2018-1669,SUSE-SLE-Live-Patching-12-SP3-2018-1670,SUSE-SLE-Live-Patching-12-SP3-2018-1671",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2413-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2413-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182413-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2413-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004468.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1096564",
        "url": "https://bugzilla.suse.com/1096564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1096679",
        "url": "https://bugzilla.suse.com/1096679"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097108",
        "url": "https://bugzilla.suse.com/1097108"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099306",
        "url": "https://bugzilla.suse.com/1099306"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1103203",
        "url": "https://bugzilla.suse.com/1103203"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-11600 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-11600/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17053 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17053/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-18344 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-18344/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10853 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10853/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3646 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3646/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)",
    "tracking": {
      "current_release_date": "2018-08-17T14:57:02Z",
      "generator": {
        "date": "2018-08-17T14:57:02Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2413-1",
      "initial_release_date": "2018-08-17T14:57:02Z",
      "revision_history": [
        {
          "date": "2018-08-17T14:57:02Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11600",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-11600"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-11600",
          "url": "https://www.suse.com/security/cve/CVE-2017-11600"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050231 for CVE-2017-11600",
          "url": "https://bugzilla.suse.com/1050231"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1096564 for CVE-2017-11600",
          "url": "https://bugzilla.suse.com/1096564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-11600",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-11600"
    },
    {
      "cve": "CVE-2017-17053",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17053"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17053",
          "url": "https://www.suse.com/security/cve/CVE-2017-17053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070264 for CVE-2017-17053",
          "url": "https://bugzilla.suse.com/1070264"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1096679 for CVE-2017-17053",
          "url": "https://bugzilla.suse.com/1096679"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17053"
    },
    {
      "cve": "CVE-2017-18344",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-18344"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-18344",
          "url": "https://www.suse.com/security/cve/CVE-2017-18344"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102851 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1102851"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103203 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1103203"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103580 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1103580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-18344"
    },
    {
      "cve": "CVE-2018-10853",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10853"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10853",
          "url": "https://www.suse.com/security/cve/CVE-2018-10853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1097104 for CVE-2018-10853",
          "url": "https://bugzilla.suse.com/1097104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1097108 for CVE-2018-10853",
          "url": "https://bugzilla.suse.com/1097108"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-10853"
    },
    {
      "cve": "CVE-2018-3646",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3646"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3646",
          "url": "https://www.suse.com/security/cve/CVE-2018-3646"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087078 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1087078"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087081 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1087081"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089343 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1089343"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091107 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1091107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099306 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1099306"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104365 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1104365"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104894 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1104894"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1106548 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1106548"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113534 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1113534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136865 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1136865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-3646"
    }
  ]
}

cnvd-2017-36609

Vulnerability from cnvd

Title

Linux kernel内存破坏漏洞（CNVD-2017-36609）

Description

Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。 Linux kernel 4.12.10之前的版本中的arch/x86/include/asm/mmu_context.h文件的‘init_new_context’函数存在内存破坏漏洞，该漏洞源于程序未能正确的处理LDT表分配时出现的错误。本地攻击者可借助特制的程序利用该漏洞造成拒绝服务。

Severity

低

Patch Name

Linux kernel内存破坏漏洞（CNVD-2017-36609）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc

Reference

https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc

Impacted products

Name
Linux kernel <4.12.10

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102010"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17053"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 4.12.10\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684arch/x86/include/asm/mmu_context.h\u6587\u4ef6\u7684\u2018init_new_context\u2019\u51fd\u6570\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406LDT\u8868\u5206\u914d\u65f6\u51fa\u73b0\u7684\u9519\u8bef\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Linux",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36609",
  "openTime": "2017-12-07",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 4.12.10\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684arch/x86/include/asm/mmu_context.h\u6587\u4ef6\u7684\u2018init_new_context\u2019\u51fd\u6570\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406LDT\u8868\u5206\u914d\u65f6\u51fa\u73b0\u7684\u9519\u8bef\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-36609\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux kernel \u003c4.12.10"
  },
  "referenceLink": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc",
  "serverity": "\u4f4e",
  "submitTime": "2017-12-01",
  "title": "Linux kernel\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-36609\uff09"
}

gsd-2017-17053

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-17053

Aliases

CVE-2017-17053

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17053",
    "description": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
    "id": "GSD-2017-17053",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-17053.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17053"
      ],
      "details": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
      "id": "GSD-2017-17053",
      "modified": "2023-12-13T01:21:04.288380Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-17053",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102010",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102010"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc",
            "refsource": "CONFIRM",
            "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
          },
          {
            "name": "RHSA-2018:0676",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10",
            "refsource": "CONFIRM",
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
          },
          {
            "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.12.10",
                "versionStartIncluding": "4.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.153",
                "versionStartIncluding": "4.4.144",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.9.46",
                "versionStartIncluding": "4.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17053"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
            },
            {
              "name": "102010",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102010"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-06-21T21:01Z",
      "publishedDate": "2017-11-29T03:29Z"
    }
  }
}

ghsa-qv5h-fq2w-c68j

Vulnerability from github

Published

2022-05-14 01:47

Modified

2022-05-14 01:47

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-29T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
  "id": "GHSA-qv5h-fq2w-c68j",
  "modified": "2022-05-14T01:47:11Z",
  "published": "2022-05-14T01:47:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17053"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0676"
    },
    {
      "type": "WEB",
      "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2018-AVI-402

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE . Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP3
SUSE	N/A	SUSE Linux Enterprise Module for Live Patching 15
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP 12-SP2

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-17053 (GCVE-0-2017-17053)

Vulnerability from cvelistv5

fkie_cve-2017-17053

Vulnerability from fkie_nvd

suse-su-2018:2413-1

Vulnerability from csaf_suse

cnvd-2017-36609

Vulnerability from cnvd

gsd-2017-17053

Vulnerability from gsd

ghsa-qv5h-fq2w-c68j

Vulnerability from github

CERTFR-2018-AVI-402

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature