Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2017-1000371

Published: 19/06/2017 Updated: 17/01/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

An issue exists in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4.11.5 and previous versions (the stackguard page was introduced in 2010). (CVE-2017-1000364) The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIMIT_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. (CVE-2017-1000371)

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Debian CVElist Bug Report Logs: linux: CVE-2017-1000251
Debian Bug report logs - #875881 linux: CVE-2017-1000251 Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Christoph Anton Mitterer <calestyo@scientianet> Date: Fri, 15 Sep 2017 14:42:01 UTC Severity: critical Tags: confirmed, fixed-upstream, security, ...
Debian Security Advisories: DSA-3981-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction A process inside a guest can take advanta ...
Amazon Linux AMI: ALAS-2017-845
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4115 and earlier (the stackguard page was introduced in 2010) (CVE-2017-1000364) The offset2lib patch as used by the Linux Kernel contains a vulnerability, i ...
Red Hat: CVE-2017-1000371
A flaw was found in the Linux kernel's implementation of mapping ELF PIE binary loading to allow evasion of the stack-guard page protection mechanisms that intend to mitigate this behavior ...
Arch Linux Issues:
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's re ...

Exploits

Exploit DB: Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
/* * Linux_ldso_dynamicc for CVE-2017-1000366, CVE-2017-1000371 * Copyright (C) 2017 Qualys, Inc * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later ver ...
Exploit DB: Linux Kernel - 'offset2lib' Stack Clash
/* * Linux_offset2libc for CVE-2017-1000370 and CVE-2017-1000371 * Copyright (C) 2017 Qualys, Inc * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later ve ...
Exploit DB: Linux Kernel offset2lib Stack Clash
Linux kernel offset2lib stack clash exploit ...
Exploit DB: Linux Kernel ldso_dynamic Stack Clash Privilege Escalation
Linux kernel ldso_dynamic stack clash privilege escalation exploit This affects Debian 9/10, Ubuntu 14045/16042/1704, and Fedora 23/24/25 ...

References

NVD-CWE-noinfohttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txthttps://access.redhat.com/security/cve/CVE-2017-1000371http://www.securityfocus.com/bid/99131https://www.exploit-db.com/exploits/42276/https://www.exploit-db.com/exploits/42273/http://www.debian.org/security/2017/dsa-3981https://access.redhat.com/errata/RHSA-2020:1524https://nvd.nist.govhttps://www.exploit-db.com/exploits/42276/https://www.debian.org/security/./dsa-3981https://alas.aws.amazon.com/ALAS-2017-845.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook