CVE-2017-1000253 - Vulnerability Details

CVE-2017-1000253 - kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Sept. 9, 2024.

The EPSS score is 0.55537.

Key SSVC decision points have not yet been added.

Vendors	Products
Centos	Centos
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Aus Rhel Els Rhel Eus Rhel Mission Critical Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:o:centos:centos:6.0:::::::*
	cpe:2.3:o:centos:centos:6.1:::::::*
	cpe:2.3:o:centos:centos:6.2:::::::*
	cpe:2.3:o:centos:centos:6.3:::::::*
	cpe:2.3:o:centos:centos:6.4:::::::*
	cpe:2.3:o:centos:centos:6.5:::::::*
	cpe:2.3:o:centos:centos:6.6:::::::*
	cpe:2.3:o:centos:centos:6.7:::::::*
	cpe:2.3:o:centos:centos:6.8:::::::*
	cpe:2.3:o:centos:centos:6.9:::::::*
	cpe:2.3:o:centos:centos:7.1406:::::::*
	cpe:2.3:o:centos:centos:7.1503:::::::*
	cpe:2.3:o:centos:centos:7.1511:::::::*
	cpe:2.3:o:centos:centos:7.1611:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.3:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5.9 Long Life
kernel-0:2.6.18-348.34.2.el5	cpe:/o:redhat:rhel_aus:5.9	RHSA-2017:2802	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 5 Extended Lifecycle Support
kernel-0:2.6.18-423.el5	cpe:/o:redhat:rhel_els:5	RHSA-2017:2801	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6
kernel-0:2.6.32-696.10.3.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2017:2795	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.2 Advanced Update Support
kernel-0:2.6.32-220.76.1.el6	cpe:/o:redhat:rhel_mission_critical:6.2	RHSA-2017:2800	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.4 Advanced Update Support
kernel-0:2.6.32-358.84.1.el6	cpe:/o:redhat:rhel_aus:6.4	RHSA-2017:2799	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.85.1.el6	cpe:/o:redhat:rhel_aus:6.5	RHSA-2017:2798	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.5 Telco Extended Update Support
kernel-0:2.6.32-431.85.1.el6	cpe:/o:redhat:rhel_tus:6.5	RHSA-2017:2798	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
kernel-0:2.6.32-504.63.3.el6	cpe:/o:redhat:rhel_aus:6.6	RHSA-2017:2797	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.6 Telco Extended Update Support
kernel-0:2.6.32-504.63.3.el6	cpe:/o:redhat:rhel_tus:6.6	RHSA-2017:2797	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.7 Extended Update Support
kernel-0:2.6.32-573.48.1.el6	cpe:/o:redhat:rhel_eus:6.7	RHSA-2017:2796	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 7
kernel-0:3.10.0-693.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:1842	2017-08-01T00:00:00Z
Red Hat Enterprise Linux 7.2 Extended Update Support
kernel-0:3.10.0-327.59.3.el7	cpe:/o:redhat:rhel_eus:7.2	RHSA-2017:2794	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 7.3 Extended Update Support
kernel-0:3.10.0-514.32.3.el7	cpe:/o:redhat:rhel_eus:7.3	RHSA-2017:2793	2017-09-26T00:00:00Z

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/101010
http://www.securitytracker.com/id/1039434
https://access.redhat.com/errata/RHSA-2017:2793
https://access.redhat.com/errata/RHSA-2017:2794
https://access.redhat.com/errata/RHSA-2017:2795
https://access.redhat.com/errata/RHSA-2017:2796
https://access.redhat.com/errata/RHSA-2017:2797
https://access.redhat.com/errata/RHSA-2017:2798
https://access.redhat.com/errata/RHSA-2017:2799
https://access.redhat.com/errata/RHSA-2017:2800
https://access.redhat.com/errata/RHSA-2017:2801
https://access.redhat.com/errata/RHSA-2017:2802
https://nvd.nist.gov/vuln/detail/CVE-2017-1000253
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2017-1000253
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

History

Tue, 10 Sep 2024 05:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-04T01:00:00.000Z

Updated: 2025-07-30T01:46:21.732Z

Reserved: 2017-10-03T00:00:00.000Z

Link: CVE-2017-1000253

Vulnrichment

Updated: 2024-08-05T22:00:39.693Z

NVD

Status : Deferred

Published: 2017-10-05T01:29:04.790

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-1000253

Redhat

Severity : Important

Publid Date: 2017-09-26T00:00:00Z

Links: CVE-2017-1000253 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object