{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-09-25T00:00:00", "datePublic": "2017-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the \"gap\" between the stack and the binary."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-08T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2017:2798", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2798"}, {"name": "RHSA-2017:2795", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2795"}, {"name": "1039434", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039434"}, {"name": "RHSA-2017:2801", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2801"}, {"name": "RHSA-2017:2796", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2796"}, {"name": "101010", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101010"}, {"name": "RHSA-2017:2799", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2799"}, {"name": "RHSA-2017:2794", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2794"}, {"name": "RHSA-2017:2793", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2793"}, {"name": "RHSA-2017:2797", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2797"}, {"name": "RHSA-2017:2802", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2802"}, {"tags": ["x_refsource_MISC"], "url": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt"}, {"name": "RHSA-2017:2800", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2800"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-09-25", "ID": "CVE-2017-1000253", "REQUESTER": "qsa@qualys.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the \"gap\" between the stack and the binary."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:2798", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2798"}, {"name": "RHSA-2017:2795", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2795"}, {"name": "1039434", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039434"}, {"name": "RHSA-2017:2801", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2801"}, {"name": "RHSA-2017:2796", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2796"}, {"name": "101010", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101010"}, {"name": "RHSA-2017:2799", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2799"}, {"name": "RHSA-2017:2794", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2794"}, {"name": "RHSA-2017:2793", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2793"}, {"name": "RHSA-2017:2797", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2797"}, {"name": "RHSA-2017:2802", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2802"}, {"name": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt", "refsource": "MISC", "url": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt"}, {"name": "RHSA-2017:2800", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2800"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:00:39.693Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:2798", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2798"}, {"name": "RHSA-2017:2795", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2795"}, {"name": "1039434", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039434"}, {"name": "RHSA-2017:2801", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2801"}, {"name": "RHSA-2017:2796", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2796"}, {"name": "101010", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101010"}, {"name": "RHSA-2017:2799", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2799"}, {"name": "RHSA-2017:2794", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2794"}, {"name": "RHSA-2017:2793", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2793"}, {"name": "RHSA-2017:2797", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2797"}, {"name": "RHSA-2017:2802", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2802"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt"}, {"name": "RHSA-2017:2800", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2800"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "affected": [{"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.0", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.1", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.2", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.3", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.4:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.4", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.5:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.5", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.6:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.6", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.7:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.7", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.8:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.8", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:6.9:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.9", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:7.1406:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.1406", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:7.1503:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.1503", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:7.1511:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.1511", "status": "affected"}]}, {"vendor": "centos", "product": "centos", "cpes": ["cpe:2.3:o:centos:centos:7.1611:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.1611", "status": "affected"}]}, {"vendor": "redhat", "product": "enterprise_linux", "cpes": ["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.0", "status": "affected"}, {"version": "6.1", "status": "affected"}, {"version": "6.2", "status": "affected"}, {"version": "6.3", "status": "affected"}, {"version": "6.4", "status": "affected"}, {"version": "6.5", "status": "affected"}, {"version": "6.6", "status": "affected"}, {"version": "6.7", "status": "affected"}, {"version": "6.8", "status": "affected"}, {"version": "6.9", "status": "affected"}, {"version": "7.0", "status": "affected"}, {"version": "7.1", "status": "affected"}, {"version": "7.2", "status": "affected"}, {"version": "7.3", "status": "affected"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.6.25", "status": "affected", "lessThan": "3.2.70", "versionType": "custom"}, {"version": "3.3", "status": "affected", "lessThan": "3.4.109", "versionType": "custom"}, {"version": "3.5", "status": "affected", "lessThan": "3.10.77", "versionType": "custom"}, {"version": "3.11", "status": "affected", "lessThan": "3.12.43", "versionType": "custom"}, {"version": "3.13", "status": "affected", "lessThan": "3.14.41", "versionType": "custom"}, {"version": "3.15", "status": "affected", "lessThan": "3.16.35", "versionType": "custom"}, {"version": "3.17", "status": "affected", "lessThan": "3.18.14", "versionType": "custom"}, {"version": "3.19", "status": "affected", "lessThan": "3.19.7", "versionType": "custom"}, {"version": "1.0", "status": "affected", "lessThan": "4.0.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T00:00:00+00:00", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2017-1000253"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-09-09", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T03:55:14.762Z"}, "timeline": [{"time": "2024-09-09T00:00:00+00:00", "lang": "en", "value": "CVE-2017-1000253 added to CISA KEV"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000253", "datePublished": "2017-10-04T01:00:00", "dateReserved": "2017-10-03T00:00:00", "dateUpdated": "2024-09-10T03:55:14.762Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2017:2798", "name": "RHSA-2017:2798", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2795", "name": "RHSA-2017:2795", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1039434", "name": "1039434", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2801", "name": "RHSA-2017:2801", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2796", "name": "RHSA-2017:2796", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/101010", "name": "101010", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2799", "name": "RHSA-2017:2799", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2794", "name": "RHSA-2017:2794", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2793", "name": "RHSA-2017:2793", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2797", "name": "RHSA-2017:2797", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2802", "name": "RHSA-2017:2802", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2800", "name": "RHSA-2017:2800", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:00:39.693Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-1000253", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-07T03:55:23.405987Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-09-09", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "affected": [{"cpes": ["cpe:2.3:o:centos:centos:6.0:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.1:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.2:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.3:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.4:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.5:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.6:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.7:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.8:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.8"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:6.9:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "6.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:7.1406:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "7.1406"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:7.1503:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "7.1503"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:7.1511:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "7.1511"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centos:centos:7.1611:*:*:*:*:*:*:*"], "vendor": "centos", "product": "centos", "versions": [{"status": "affected", "version": "7.1611"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*"], "vendor": "redhat", "product": "enterprise_linux", "versions": [{"status": "affected", "version": "6.0"}, {"status": "affected", "version": "6.1"}, {"status": "affected", "version": "6.2"}, {"status": "affected", "version": "6.3"}, {"status": "affected", "version": "6.4"}, {"status": "affected", "version": "6.5"}, {"status": "affected", "version": "6.6"}, {"status": "affected", "version": "6.7"}, {"status": "affected", "version": "6.8"}, {"status": "affected", "version": "6.9"}, {"status": "affected", "version": "7.0"}, {"status": "affected", "version": "7.1"}, {"status": "affected", "version": "7.2"}, {"status": "affected", "version": "7.3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "2.6.25", "lessThan": "3.2.70", "versionType": "custom"}, {"status": "affected", "version": "3.3", "lessThan": "3.4.109", "versionType": "custom"}, {"status": "affected", "version": "3.5", "lessThan": "3.10.77", "versionType": "custom"}, {"status": "affected", "version": "3.11", "lessThan": "3.12.43", "versionType": "custom"}, {"status": "affected", "version": "3.13", "lessThan": "3.14.41", "versionType": "custom"}, {"status": "affected", "version": "3.15", "lessThan": "3.16.35", "versionType": "custom"}, {"status": "affected", "version": "3.17", "lessThan": "3.18.14", "versionType": "custom"}, {"status": "affected", "version": "3.19", "lessThan": "3.19.7", "versionType": "custom"}, {"status": "affected", "version": "1.0", "lessThan": "4.0.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T17:10:39.045Z"}, "timeline": [{"lang": "en", "time": "2024-09-09T00:00:00+00:00", "value": "CVE-2017-1000253 added to CISA KEV"}]}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-03T00:00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2017:2798", "name": "RHSA-2017:2798", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2795", "name": "RHSA-2017:2795", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securitytracker.com/id/1039434", "name": "1039434", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2801", "name": "RHSA-2017:2801", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2796", "name": "RHSA-2017:2796", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securityfocus.com/bid/101010", "name": "101010", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2799", "name": "RHSA-2017:2799", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2794", "name": "RHSA-2017:2794", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2793", "name": "RHSA-2017:2793", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2797", "name": "RHSA-2017:2797", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2802", "name": "RHSA-2017:2802", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt", "tags": ["x_refsource_MISC"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:2800", "name": "RHSA-2017:2800", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}], "dateAssigned": "2017-09-25T00:00:00", "descriptions": [{"lang": "en", "value": "Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the \"gap\" between the stack and the binary."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2017-12-08T10:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://access.redhat.com/errata/RHSA-2017:2798", "name": "RHSA-2017:2798", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2795", "name": "RHSA-2017:2795", "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id/1039434", "name": "1039434", "refsource": "SECTRACK"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2801", "name": "RHSA-2017:2801", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2796", "name": "RHSA-2017:2796", "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/101010", "name": "101010", "refsource": "BID"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2799", "name": "RHSA-2017:2799", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2794", "name": "RHSA-2017:2794", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2793", "name": "RHSA-2017:2793", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2797", "name": "RHSA-2017:2797", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2802", "name": "RHSA-2017:2802", "refsource": "REDHAT"}, {"url": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt", "name": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt", "refsource": "MISC"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2800", "name": "RHSA-2017:2800", "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the \"gap\" between the stack and the binary."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-1000253", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org", "REQUESTER": "qsa@qualys.com", "DATE_ASSIGNED": "2017-09-25"}}}}, "cveMetadata": {"cveId": "CVE-2017-1000253", "state": "PUBLISHED", "dateUpdated": "2024-09-10T03:55:14.762Z", "dateReserved": "2017-10-03T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2017-10-04T01:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-09-30", "cisaExploitAdd": "2024-09-09", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Linux Kernel PIE Stack Buffer Corruption Vulnerability ", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centos:centos:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED1C5E1D-21F5-46FA-89F6-A9B7E4BC94EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "455E5124-9EC1-4C73-997B-212D9DDC5949", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3652270-3566-49BF-9235-EE041EF87E63", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAE1DFBF-E5FF-42B1-B58C-34C94A8AB65F", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "76CA16D1-B633-4E1A-A769-1587B4DFE09C", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "D880E621-F60A-4EDB-B3A5-93411DDF0E36", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "FDA91BDF-A89A-4EE1-AED9-9523B5C1DD7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "444146DF-7ACE-4D4A-AA39-CD17D4ADDD98", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "48FE5EA8-A978-464D-89E1-1AD187C92D2A", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "9420109A-E62E-40F9-9B82-EF9D5431680C", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:7.1406:*:*:*:*:*:*:*", "matchCriteriaId": "27A0A2BB-D332-428B-AE50-3A5EC0551C79", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:7.1503:*:*:*:*:*:*:*", "matchCriteriaId": "AE32F8A2-B456-40CF-A6C0-27B8B9096A83", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:7.1511:*:*:*:*:*:*:*", "matchCriteriaId": "25459148-714C-4322-847A-FFF4D9B37EBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:centos:centos:7.1611:*:*:*:*:*:*:*", "matchCriteriaId": "3EB71F04-DF1E-48CE-BC2F-3A6A47C025BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D5A165C-3721-4A87-839F-BD4F6778DA77", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A1F55A9-FAAF-4751-BA6A-93CDB31B11C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "9045284A-C762-4913-B5AF-8499235F969C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "905EC4D0-7604-476A-8176-9FFCEB1DC6B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "564DCCFD-77BF-4FB1-A0A0-96104B154282", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "467A831E-C63B-476F-A71F-8FB52556BC45", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FF61DF-D634-4FB5-8DF1-01F631BE1A7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "243980B8-4044-4776-B521-F9D709E68CCB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "39A7795D-CFD3-4643-A7A1-7AD7629B5511", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "266EA1B3-526F-4D12-873E-08CE3861AEA6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E4DC974-235F-4655-966F-2490A4C4E490", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99A2411-7F6A-457F-A7BF-EB13C630F902", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "64B31F8B-955E-437A-BD1C-8FDBC53CA2EA", "versionEndExcluding": "3.2.70", "versionStartIncluding": "2.6.25", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6548E1CE-CC24-4E01-A277-1424BE536777", "versionEndExcluding": "3.4.109", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F018224B-768E-407A-AEA6-5CEFAC65534C", "versionEndExcluding": "3.10.77", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3677661A-9F24-4A1D-A66A-DF9330DF6DB9", "versionEndExcluding": "3.12.43", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E439BE91-83E3-4795-9E2D-C174EE1B84F5", "versionEndExcluding": "3.14.41", "versionStartIncluding": "3.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08", "versionEndExcluding": "3.16.35", "versionStartIncluding": "3.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BB16F9A-A3E5-4CAC-905D-F60426BBAD9D", "versionEndExcluding": "3.18.14", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "25099C5E-E14E-44D4-8482-0F87E1A22572", "versionEndExcluding": "3.19.7", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB190AE4-287F-40B5-AC62-0B1E50DBE00D", "versionEndExcluding": "4.0.2", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the \"gap\" between the stack and the binary."}, {"lang": "es", "value": "Existe una vulnerabilidad en las distribuciones de Linux que no han parcheado sus kernels de largo mantenimiento con https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (confirmada el 14 de abril de 2015). Esta vulnerabilidad en los kernels se parche\u00f3 en abril de 2015 por el commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (aplicado a Linux 3.10.77 en mayo de 2015), pero no se reconoci\u00f3 como amenaza de seguridad. Con CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE habilitado y una estrategia vertical normal de asignaci\u00f3n de direcciones, load_elf_binary() intentar\u00e1 mapear un binario PIE en un rango de direcciones inmediatamente inferior a mm->mmap_base. Por desgracia, load_elf_ binary() no tiene en cuenta la necesidad de asignar el suficiente espacio para todo el binario, lo que significa que, estando el primer segmento PT_LOAD est\u00e1 mapeado bajo mm->mmap_base, los siguientes segmentos PT_LOAD acaban mapeados sobre mm->mmap_base en el \u00e1rea que deber\u00eda ser el \"hueco\" entre la pila y el binario."}], "id": "CVE-2017-1000253", "lastModified": "2024-09-11T11:12:20.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2017-10-05T01:29:04.790", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101010"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039434"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2793"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2794"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2795"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2796"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2797"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2798"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2799"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2800"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2801"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2802"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.", "affected_release": [{"advisory": "RHSA-2017:2802", "cpe": "cpe:/o:redhat:rhel_aus:5.9", "package": "kernel-0:2.6.18-348.34.2.el5", "product_name": "Red Hat Enterprise Linux 5.9 Long Life", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2801", "cpe": "cpe:/o:redhat:rhel_els:5", "package": "kernel-0:2.6.18-423.el5", "product_name": "Red Hat Enterprise Linux 5 Extended Lifecycle Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2795", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-696.10.3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2800", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "kernel-0:2.6.32-220.76.1.el6", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2799", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "kernel-0:2.6.32-358.84.1.el6", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2798", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "kernel-0:2.6.32-431.85.1.el6", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2798", "cpe": "cpe:/o:redhat:rhel_tus:6.5", "package": "kernel-0:2.6.32-431.85.1.el6", "product_name": "Red Hat Enterprise Linux 6.5 Telco Extended Update Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2797", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "kernel-0:2.6.32-504.63.3.el6", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2797", "cpe": "cpe:/o:redhat:rhel_tus:6.6", "package": "kernel-0:2.6.32-504.63.3.el6", "product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2796", "cpe": "cpe:/o:redhat:rhel_eus:6.7", "package": "kernel-0:2.6.32-573.48.1.el6", "product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:1842", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-693.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2794", "cpe": "cpe:/o:redhat:rhel_eus:7.2", "package": "kernel-0:3.10.0-327.59.3.el7", "product_name": "Red Hat Enterprise Linux 7.2 Extended Update Support", "release_date": "2017-09-26T00:00:00Z"}, {"advisory": "RHSA-2017:2793", "cpe": "cpe:/o:redhat:rhel_eus:7.3", "package": "kernel-0:3.10.0-514.32.3.el7", "product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support", "release_date": "2017-09-26T00:00:00Z"}], "bugzilla": {"description": "kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary", "id": "1492212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492212"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the \"gap\" between the stack and the binary.", "A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system."], "mitigation": {"lang": "en:us", "value": "By setting vm.legacy_va_layout to 1 we can effectively disable the exploitation of this issue by switching to the legacy mmap layout. The mmap allocations start much lower in the process address space and follow the bottom-up allocation model. As such, the initial PIE executable mapping is far from the reserved stack area and cannot interfere with the stack.\n64-bit processes on Red Hat Enterprise Linux 5 are forced to use the legacy virtual address space layout regardless of the vm.legacy_va_layout value.\nNote: Applications that have demands for a large linear address space (such as certain databases) may be unable to handle the legacy memory layout proposed using this mitigation. We recommend to test your systems and applications before deploying this mitigation on production systems.\nEdit the /etc/sysctl.conf file as root, and add or amend:\nvm.legacy_va_layout = 1\nTo apply this setting, run the /sbin/sysctl -p command as the root user to reload the settings from /etc/sysctl.conf.\nVerify that vm.legacy_va_layout is now set to defined value:\n$ /sbin/sysctl vm.legacy_va_layout\nvm.legacy_va_layout = 1"}, "name": "CVE-2017-1000253", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-09-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-1000253\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000253\nhttps://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 prior to kernel version 3.10.0-693, that is Red Hat Enterprise Linux 7.4 GA kernel version. Kernel versions after 3.10.0-693 contain the fix and are thus not vulnerable.\nThis issue affects the Linux kernel-rt packages prior to the kernel version 3.10.0-693.rt56.617 (Red Hat Enteprise Linux for Realtime) and 3.10.0-693.2.1.rt56.585.el6rt (Red Hat Enterprise MRG 2). The latest Linux kernel-rt packages as shipped with Red Hat Enterprise Linux for Realtime and Red Hat Enterprise MRG 2 are not vulnerable.\nFuture Linux kernel updates for the respective releases will address this issue.", "threat_severity": "Important"}