cvelistv5 - cve-2017-17053

CVE-2017-17053 (GCVE-0-2017-17053)

Vulnerability from cvelistv5 – Published: 2017-11-29 03:00 – Updated: 2024-08-05 20:43

Summary

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/102010	vdb-entryx_refsource_BID
	https://github.com/torvalds/linux/commit/ccd5b323…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisoryx_refsource_REDHAT
	https://www.kernel.org/pub/linux/kernel/v4.x/Chan…	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102010",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-11T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "102010",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102010",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102010"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10",
              "refsource": "CONFIRM",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17053",
    "datePublished": "2017-11-29T03:00:00",
    "dateReserved": "2017-11-28T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4.144\", \"versionEndExcluding\": \"4.4.153\", \"matchCriteriaId\": \"2A1EB29A-4793-4527-8D94-4736FFCD695B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.6\", \"versionEndExcluding\": \"4.9.46\", \"matchCriteriaId\": \"3415528F-A245-41FE-92D4-953ACB5977FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.10\", \"versionEndExcluding\": \"4.12.10\", \"matchCriteriaId\": \"228B0872-5ADF-4033-B9EE-75A0E0E3D4D0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n init_new_context en arch/x86/include/asm/mmu_context.h en el kernel de Linux en versiones anteriores a la 4.12.10 no gestiona errores de asignaci\\u00f3n de tablas LDT al bifurcar un nuevo proceso. Esto permite que un atacante local logre un uso de memoria previamente liberada o que, posiblemente, tenga otro impacto sin especificar ejecutando un programa especialmente manipulado. Esta vulnerabilidad solo afecta a los kernels construidos con CONFIG_MODIFY_LDT_SYSCALL=y.\"}]",
      "id": "CVE-2017-17053",
      "lastModified": "2024-11-21T03:17:24.180",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-29T03:29:00.300",
      "references": "[{\"url\": \"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102010\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0676\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102010\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0676\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17053\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-11-29T03:29:00.300\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n init_new_context en arch/x86/include/asm/mmu_context.h en el kernel de Linux en versiones anteriores a la 4.12.10 no gestiona errores de asignaci\u00f3n de tablas LDT al bifurcar un nuevo proceso. Esto permite que un atacante local logre un uso de memoria previamente liberada o que, posiblemente, tenga otro impacto sin especificar ejecutando un programa especialmente manipulado. Esta vulnerabilidad solo afecta a los kernels construidos con CONFIG_MODIFY_LDT_SYSCALL=y.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.144\",\"versionEndExcluding\":\"4.4.153\",\"matchCriteriaId\":\"2A1EB29A-4793-4527-8D94-4736FFCD695B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6\",\"versionEndExcluding\":\"4.9.46\",\"matchCriteriaId\":\"3415528F-A245-41FE-92D4-953ACB5977FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.12.10\",\"matchCriteriaId\":\"228B0872-5ADF-4033-B9EE-75A0E0E3D4D0\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102010\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0676\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102010\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2017-17053

Vulnerability from fkie_nvd - Published: 2017-11-29 03:29 - Updated: 2025-04-20 01:37

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/102010	Third Party Advisory, VDB Entry
cve@mitre.org	https://access.redhat.com/errata/RHSA-2018:0676	Third Party Advisory
cve@mitre.org	https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc	Patch, Third Party Advisory
cve@mitre.org	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102010	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0676	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A1EB29A-4793-4527-8D94-4736FFCD695B",
              "versionEndExcluding": "4.4.153",
              "versionStartIncluding": "4.4.144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3415528F-A245-41FE-92D4-953ACB5977FD",
              "versionEndExcluding": "4.9.46",
              "versionStartIncluding": "4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B0872-5ADF-4033-B9EE-75A0E0E3D4D0",
              "versionEndExcluding": "4.12.10",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n init_new_context en arch/x86/include/asm/mmu_context.h en el kernel de Linux en versiones anteriores a la 4.12.10 no gestiona errores de asignaci\u00f3n de tablas LDT al bifurcar un nuevo proceso. Esto permite que un atacante local logre un uso de memoria previamente liberada o que, posiblemente, tenga otro impacto sin especificar ejecutando un programa especialmente manipulado. Esta vulnerabilidad solo afecta a los kernels construidos con CONFIG_MODIFY_LDT_SYSCALL=y."
    }
  ],
  "id": "CVE-2017-17053",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-29T03:29:00.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0676"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

SUSE-SU-2018:2413-1

Vulnerability from csaf_suse - Published: 2018-08-17 14:57 - Updated: 2018-08-17 14:57

Summary

Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)

Description of the patch

This update for the Linux Kernel 4.4.82-6_6 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2017-17053: The init_new_context function in arch/x86/include/asm/mmu_context.h did not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y (bsc#1096679). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108).

Patchnames

SUSE-SLE-Live-Patching-12-SP3-2018-1669,SUSE-SLE-Live-Patching-12-SP3-2018-1670,SUSE-SLE-Live-Patching-12-SP3-2018-1671

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 4.4.82-6_6 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306).\n- CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn\u0027t properly validate the sigevent-\u003esigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203).\nbefore 4.14.8\n- CVE-2017-17053: The init_new_context function in arch/x86/include/asm/mmu_context.h did not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y (bsc#1096679).\n- CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) \n- CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn\u0027t propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Live-Patching-12-SP3-2018-1669,SUSE-SLE-Live-Patching-12-SP3-2018-1670,SUSE-SLE-Live-Patching-12-SP3-2018-1671",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2413-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2413-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182413-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2413-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004468.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1096564",
        "url": "https://bugzilla.suse.com/1096564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1096679",
        "url": "https://bugzilla.suse.com/1096679"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097108",
        "url": "https://bugzilla.suse.com/1097108"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099306",
        "url": "https://bugzilla.suse.com/1099306"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1103203",
        "url": "https://bugzilla.suse.com/1103203"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-11600 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-11600/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17053 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17053/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-18344 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-18344/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10853 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10853/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3646 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3646/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)",
    "tracking": {
      "current_release_date": "2018-08-17T14:57:02Z",
      "generator": {
        "date": "2018-08-17T14:57:02Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2413-1",
      "initial_release_date": "2018-08-17T14:57:02Z",
      "revision_history": [
        {
          "date": "2018-08-17T14:57:02Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11600",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-11600"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-11600",
          "url": "https://www.suse.com/security/cve/CVE-2017-11600"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050231 for CVE-2017-11600",
          "url": "https://bugzilla.suse.com/1050231"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1096564 for CVE-2017-11600",
          "url": "https://bugzilla.suse.com/1096564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-11600",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-11600"
    },
    {
      "cve": "CVE-2017-17053",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17053"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17053",
          "url": "https://www.suse.com/security/cve/CVE-2017-17053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070264 for CVE-2017-17053",
          "url": "https://bugzilla.suse.com/1070264"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1096679 for CVE-2017-17053",
          "url": "https://bugzilla.suse.com/1096679"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17053"
    },
    {
      "cve": "CVE-2017-18344",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-18344"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-18344",
          "url": "https://www.suse.com/security/cve/CVE-2017-18344"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102851 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1102851"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103203 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1103203"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103580 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1103580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2017-18344",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-18344"
    },
    {
      "cve": "CVE-2018-10853",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10853"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10853",
          "url": "https://www.suse.com/security/cve/CVE-2018-10853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1097104 for CVE-2018-10853",
          "url": "https://bugzilla.suse.com/1097104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1097108 for CVE-2018-10853",
          "url": "https://bugzilla.suse.com/1097108"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-10853"
    },
    {
      "cve": "CVE-2018-3646",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3646"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3646",
          "url": "https://www.suse.com/security/cve/CVE-2018-3646"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087078 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1087078"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087081 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1087081"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089343 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1089343"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091107 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1091107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099306 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1099306"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104365 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1104365"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104894 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1104894"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1106548 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1106548"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113534 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1113534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136865 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1136865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-3646",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_3-default-11-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_9-default-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T14:57:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-3646"
    }
  ]
}

GSD-2017-17053

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-17053

Aliases

CVE-2017-17053

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17053",
    "description": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
    "id": "GSD-2017-17053",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-17053.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17053"
      ],
      "details": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
      "id": "GSD-2017-17053",
      "modified": "2023-12-13T01:21:04.288380Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-17053",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102010",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102010"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc",
            "refsource": "CONFIRM",
            "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
          },
          {
            "name": "RHSA-2018:0676",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10",
            "refsource": "CONFIRM",
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
          },
          {
            "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.12.10",
                "versionStartIncluding": "4.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.153",
                "versionStartIncluding": "4.4.144",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.9.46",
                "versionStartIncluding": "4.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17053"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
            },
            {
              "name": "102010",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102010"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-06-21T21:01Z",
      "publishedDate": "2017-11-29T03:29Z"
    }
  }
}

CNVD-2017-36609

Vulnerability from cnvd - Published: 2017-12-07

Title

Linux kernel内存破坏漏洞（CNVD-2017-36609）

Description

Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。 Linux kernel 4.12.10之前的版本中的arch/x86/include/asm/mmu_context.h文件的‘init_new_context’函数存在内存破坏漏洞，该漏洞源于程序未能正确的处理LDT表分配时出现的错误。本地攻击者可借助特制的程序利用该漏洞造成拒绝服务。

Severity

低

Patch Name

Linux kernel内存破坏漏洞（CNVD-2017-36609）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc

Reference

https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc

Impacted products

Name
Linux kernel <4.12.10

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102010"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17053"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 4.12.10\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684arch/x86/include/asm/mmu_context.h\u6587\u4ef6\u7684\u2018init_new_context\u2019\u51fd\u6570\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406LDT\u8868\u5206\u914d\u65f6\u51fa\u73b0\u7684\u9519\u8bef\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Linux",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36609",
  "openTime": "2017-12-07",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 4.12.10\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684arch/x86/include/asm/mmu_context.h\u6587\u4ef6\u7684\u2018init_new_context\u2019\u51fd\u6570\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406LDT\u8868\u5206\u914d\u65f6\u51fa\u73b0\u7684\u9519\u8bef\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-36609\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux kernel \u003c4.12.10"
  },
  "referenceLink": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc",
  "serverity": "\u4f4e",
  "submitTime": "2017-12-01",
  "title": "Linux kernel\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-36609\uff09"
}

CERTFR-2018-AVI-402

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE . Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP3
SUSE	N/A	SUSE Linux Enterprise Module for Live Patching 15
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP 12-SP2

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE suse-su-20182416-1 du 17 août 2018	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20182413-1 du 17 août 2018	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20182426-1 du 17 août 2018	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20182414-1 du 17 août 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Live Patching 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11600"
    },
    {
      "name": "CVE-2017-18344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18344"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-10853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10853"
    },
    {
      "name": "CVE-2017-17053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17053"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-402",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE . Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182416-1 du 17 ao\u00fbt 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182416-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182413-1 du 17 ao\u00fbt 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182413-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182426-1 du 17 ao\u00fbt 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182426-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182414-1 du 17 ao\u00fbt 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182414-1/"
    }
  ]
}

CERTFR-2018-AVI-402

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP3
SUSE	N/A	SUSE Linux Enterprise Module for Live Patching 15
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP 12-SP2

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE suse-su-20182416-1 du 17 août 2018	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20182413-1 du 17 août 2018	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20182426-1 du 17 août 2018	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20182414-1 du 17 août 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Live Patching 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11600"
    },
    {
      "name": "CVE-2017-18344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18344"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-10853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10853"
    },
    {
      "name": "CVE-2017-17053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17053"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-402",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE . Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182416-1 du 17 ao\u00fbt 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182416-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182413-1 du 17 ao\u00fbt 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182413-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182426-1 du 17 ao\u00fbt 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182426-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182414-1 du 17 ao\u00fbt 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182414-1/"
    }
  ]
}

GHSA-QV5H-FQ2W-C68J

Vulnerability from github – Published: 2022-05-14 01:47 – Updated: 2022-05-14 01:47

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-29T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
  "id": "GHSA-qv5h-fq2w-c68j",
  "modified": "2022-05-14T01:47:11Z",
  "published": "2022-05-14T01:47:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17053"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0676"
    },
    {
      "type": "WEB",
      "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-17053 (GCVE-0-2017-17053)

FKIE_CVE-2017-17053

SUSE-SU-2018:2413-1

GSD-2017-17053

CNVD-2017-36609

CERTFR-2018-AVI-402

Solution

CERTFR-2018-AVI-402

Solution

GHSA-QV5H-FQ2W-C68J

Tags

Sightings

Nomenclature