CVE-2017-10661

HIGH

Description

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6

http://www.debian.org/security/2017/dsa-3981

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15

http://www.securityfocus.com/bid/100215

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:3096

https://bugzilla.redhat.com/show_bug.cgi?id=1481136

https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6

https://source.android.com/security/bulletin/2017-08-01

https://www.exploit-db.com/exploits/43345/

Details

Source: MITRE

Published: 2017-08-19

Updated: 2018-10-31

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

CVSS v3.0

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

View all (56 total)

ID	Name	Product	Family	Severity
132700	RHEL 7 : kernel (RHSA-2020:0036)	Nessus	Red Hat Local Security Checks	critical
131719	RHEL 6 : MRG (RHSA-2019:4057)	Nessus	Red Hat Local Security Checks	critical
131675	RHEL 7 : kernel (RHSA-2019:4058)	Nessus	Red Hat Local Security Checks	critical
127281	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)	Nessus	NewStart CGSL Local Security Checks	critical
127272	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)	Nessus	NewStart CGSL Local Security Checks	critical
124989	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1536)	Nessus	Huawei Local Security Checks	high
124821	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)	Nessus	Huawei Local Security Checks	high
119187	Scientific Linux Security Update : kernel on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
118990	CentOS 7 : kernel (CESA-2018:3083)	Nessus	CentOS Local Security Checks	high
118770	Oracle Linux 7 : kernel (ELSA-2018-3083)	Nessus	Oracle Linux Local Security Checks	high
118528	RHEL 7 : kernel-rt (RHSA-2018:3096)	Nessus	Red Hat Local Security Checks	high
118525	RHEL 7 : kernel (RHSA-2018:3083)	Nessus	Red Hat Local Security Checks	high
109158	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre)	Nessus	OracleVM Local Security Checks	high
109156	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4071) (Dirty COW) (Meltdown) (Spectre)	Nessus	Oracle Linux Local Security Checks	high
105352	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3340-1)	Nessus	SuSE Local Security Checks	high
105350	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3337-1)	Nessus	SuSE Local Security Checks	high
105349	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3336-1)	Nessus	SuSE Local Security Checks	high
105348	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3332-1)	Nessus	SuSE Local Security Checks	high
105290	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3323-1)	Nessus	SuSE Local Security Checks	high
105289	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3322-1)	Nessus	SuSE Local Security Checks	high
105288	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3321-1)	Nessus	SuSE Local Security Checks	high
105287	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3320-1)	Nessus	SuSE Local Security Checks	high
105286	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3318-1)	Nessus	SuSE Local Security Checks	high
105285	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3316-1)	Nessus	SuSE Local Security Checks	high
105283	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3313-1)	Nessus	SuSE Local Security Checks	high
105282	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3312-1)	Nessus	SuSE Local Security Checks	high
105281	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3309-1)	Nessus	SuSE Local Security Checks	high
105280	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3308-1)	Nessus	SuSE Local Security Checks	high
105278	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3305-1)	Nessus	SuSE Local Security Checks	high
105277	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3304-1)	Nessus	SuSE Local Security Checks	high
105276	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3303-1)	Nessus	SuSE Local Security Checks	high
105275	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3302-1)	Nessus	SuSE Local Security Checks	high
105274	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3301-1)	Nessus	SuSE Local Security Checks	high
105273	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3299-1)	Nessus	SuSE Local Security Checks	high
105272	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3293-1)	Nessus	SuSE Local Security Checks	high
105271	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3289-1)	Nessus	SuSE Local Security Checks	high
105270	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3287-1)	Nessus	SuSE Local Security Checks	high
105248	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)	Nessus	OracleVM Local Security Checks	high
105247	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
105172	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK)	Nessus	SuSE Local Security Checks	critical
105147	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)	Nessus	OracleVM Local Security Checks	high
105145	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
105144	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
104578	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1245)	Nessus	Huawei Local Security Checks	high
104454	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0168)	Nessus	OracleVM Local Security Checks	high
104453	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0167)	Nessus	OracleVM Local Security Checks	high
104374	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
104371	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3637)	Nessus	Oracle Linux Local Security Checks	high
104370	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3636)	Nessus	Oracle Linux Local Security Checks	high
104369	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3635)	Nessus	Oracle Linux Local Security Checks	high
104322	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3470-1)	Nessus	Ubuntu Local Security Checks	high
104271	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
103365	Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)	Nessus	Debian Local Security Checks	high
103363	Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)	Nessus	Debian Local Security Checks	high
103354	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
102922	Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-076)	Nessus	Virtuozzo Local Security Checks	high