CVE-2017-1000371

high

Description

The offset2lib patch as used by the Linux kernel contains a vulnerability: if RLIMIT_STACK is set to RLIM_INFINITY and 1 gigabyte of memory is allocated (the maximum under the 1/4 restriction), the stack will be grown down to 0x80000000. Because the PIE binary is mapped above 0x80000000, the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that an attacker can jump over the stack guard page. This affects Linux kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386-based systems.

References

http://www.debian.org/security/2017/dsa-3981

http://www.securityfocus.com/bid/99131

https://access.redhat.com/security/cve/CVE-2017-1000371

https://www.exploit-db.com/exploits/42273/

https://www.exploit-db.com/exploits/42276/

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Details

Source: MITRE

Published: 2017-06-19

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:4.11.5:*:*:*:*:*:*:*

Tenable Plugins


ID | Name | Product | Family | Severity
137217 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0020) (Stack Clash) | Nessus | OracleVM Local Security Checks | critical
137173 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5708) | Nessus | Oracle Linux Local Security Checks | critical
136804 | Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037) | Nessus | Virtuozzo Local Security Checks | high
136020 | CentOS 6 : kernel (CESA-2020:1524) (Stack Clash) | Nessus | CentOS Local Security Checks | high
135959 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200422) (Stack Clash) | Nessus | Scientific Linux Local Security Checks | high
135957 | Oracle Linux 6 : kernel (ELSA-2020-1524) | Nessus | Oracle Linux Local Security Checks | high
135910 | RHEL 6 : kernel (RHSA-2020:1524) | Nessus | Red Hat Local Security Checks | high
104100 | Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826) | Nessus | Junos Local Security Checks | high
103365 | Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash) | Nessus | Debian Local Security Checks | high
101723 | Fedora 26 : kernel (2017-d3ed702fe4) (Stack Clash) | Nessus | Fedora Local Security Checks | high
101068 | Fedora 24 : kernel (2017-05f10e29f4) (Stack Clash) | Nessus | Fedora Local Security Checks | high
101037 | Fedora 25 : kernel (2017-d7bc1b3056) (Stack Clash) | Nessus | Fedora Local Security Checks | high
100874 | Amazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash) | Nessus | Amazon Linux Local Security Checks | high