CVE-2017-1000370

Published: 19/06/2017 Updated: 17/01/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The offset2lib patch as used in the Linux Kernel contains a vulnerability: if a PIE binary is execve()'ed with 1GB of arguments or environment strings, the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000, nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and previous versions. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386-based systems.

Vulnerable Product

linux linux kernel

Vendor Advisories

Debian Bug report logs - #875881 linux: CVE-2017-1000251. Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Fri, 15 Sep 2017 14:42:01 UTC; Severity: critical; Tags: confirmed, fixed-upstream, security, ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518: Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction. A process inside a guest can take advanta ...
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 a ...

Exploits

/* * Linux_offset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later ve ...
/* * Linux_ldso_hwcap.c for CVE-2017-1000366, CVE-2017-1000370 * Copyright (C) 2017 Qualys, Inc. * * my_important_hwcaps() adapted from elf/dl-hwcaps.c, * part of the GNU C Library: * Copyright (C) 2012-2017 Free Software Foundation, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the G ...
Linux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511 ...
Linux kernel offset2lib stack clash exploit ...