Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2017-1000379

Published: 19/06/2017 Updated: 17/01/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 726
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing malicious users to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Debian CVElist Bug Report Logs: linux: CVE-2017-1000251
Debian Bug report logs - #875881 linux: CVE-2017-1000251 Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Christoph Anton Mitterer <calestyo@scientianet> Date: Fri, 15 Sep 2017 14:42:01 UTC Severity: critical Tags: confirmed, fixed-upstream, security, ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update Support and Red Hat Enterprise Linux 66 Telco Extended Update SupportRed Hat Product Security has rated this update ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update Support and Red Hat Enterprise Linux 65 Telco Extended Update SupportRed Hat Product Security has rated this update as having a ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 64 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 5 ExtendedLifecycle SupportRed Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring Sy ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 62 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: CVE-2017-1000379
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ldso to where the stack is mapped allowing attackers to more easily manipulate the stack Linux Kernel version 4115 is affected ...
Arch Linux Issues:
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ldso to where the stack is mapped allowing attackers to more easily manipulate the stack Linux Kernel version 4115 is affected ...

Exploits

Exploit DB: Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
/* * Linux_ldso_hwcap_64c for CVE-2017-1000366, CVE-2017-1000379 * Copyright (C) 2017 Qualys, Inc * * my_important_hwcaps() adapted from elf/dl-hwcapsc, * part of the GNU C Library: * Copyright (C) 2012-2017 Free Software Foundation, Inc * * This program is free software: you can redistribute it and/or modify * it under the terms of th ...
Exploit DB: Linux Kernel ldso_hwcap_64 Stack Clash Privilege Escalation
Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit This affects Debian 77/85/90, Ubuntu 14042/16042/1704, Fedora 22/25, and CentOS 731611 ...

Github Repositories

https://github.com/jedai47/lastcve

/* Linux_ldso_hwcap_64c for CVE-2017-1000366, CVE-2017-1000379 Copyright (C) 2017 Qualys, Inc my_important_hwcaps() adapted from elf/dl-hwcapsc, part of the GNU C Library: Copyright (C) 2012-2017 Free Software Foundation, Inc This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free

https://github.com/roachmd/anchorenginehowto

Anchore Engine How To Guide Purpose: I started in the early days of docker Back then saying we are using docker now was enough to get you past the securtiy team But today not so much Security teams have caught up and now so have the tools Mature pipelines now include some sort of security scan Looking around for a free scanner with an enterprise upgrade option is few a

References

NVD-CWE-noinfohttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txthttps://access.redhat.com/security/cve/CVE-2017-1000379http://www.securityfocus.com/bid/99284https://www.exploit-db.com/exploits/42275/https://access.redhat.com/errata/RHSA-2017:1842https://access.redhat.com/errata/RHSA-2017:1712https://access.redhat.com/errata/RHSA-2017:1647https://access.redhat.com/errata/RHSA-2017:1616https://access.redhat.com/errata/RHSA-2017:1491https://access.redhat.com/errata/RHSA-2017:1490https://access.redhat.com/errata/RHSA-2017:1489https://access.redhat.com/errata/RHSA-2017:1488https://access.redhat.com/errata/RHSA-2017:1487https://access.redhat.com/errata/RHSA-2017:1486https://access.redhat.com/errata/RHSA-2017:1485https://access.redhat.com/errata/RHSA-2017:1484https://access.redhat.com/errata/RHSA-2017:1482https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875881https://www.exploit-db.com/exploits/42275/https://security.archlinux.org/CVE-2017-1000379
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook