CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86...

Basic Information

CVE State
PUBLISHED
Reserved Date
October 03, 2017
Published Date
October 04, 2017
Last Updated
September 10, 2024
Vendor
Linux
Product
Kernel
Description
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat at the time. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_binary() does not take into account the need to allocate sufficient space for the entire binary, which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the area that is supposed to be the "gap" between the stack and the binary.
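The placement arithmetic described above, as an added example that is not kernel code and not part of this page's sources. It models a top-down get_unmapped_area() for an ET_DYN binary whose load_bias is 0 and compares two reservation sizes: only the first PT_LOAD's file-backed length (the pre-fix behaviour) versus the span of all PT_LOAD segments (the quantity the fix reserves; the total_mapping_size() helper here follows the kernel's fs/binfmt_elf.c helper of the same name). The mmap_base value and the two-segment sample program headers are constructed; the optional file reader assumes a little-endian ELF64 on a little-endian host.

```c
/* Added example (not kernel code): PIE segment placement behind CVE-2017-1000253.
 * sample_pie[] and sample_mmap_base are constructed inputs. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE     4096UL
#define PAGESTART(a)  ((a) & ~(PAGE_SIZE - 1))
#define PAGEOFFSET(a) ((a) & (PAGE_SIZE - 1))
#define PAGEALIGN(a)  (((a) + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))
#define PT_LOAD 1

/* Same field layout as Elf64_Phdr (56 bytes, no padding). */
struct phdr {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};

/* Span from the page holding the first PT_LOAD to the end of the last one. */
uint64_t total_mapping_size(const struct phdr *cmds, int nr)
{
    int first = -1, last = -1;
    for (int i = 0; i < nr; i++) {
        if (cmds[i].p_type != PT_LOAD) continue;
        if (first < 0) first = i;
        last = i;
    }
    if (first < 0) return 0;
    return cmds[last].p_vaddr + cmds[last].p_memsz - PAGESTART(cmds[first].p_vaddr);
}

/* Place the first PT_LOAD as high as possible below mmap_base (top-down mmap),
 * reserving either its own file-backed length (pre-fix: what elf_map() asked for)
 * or total_mapping_size() (post-fix). Returns how many PT_LOAD segments end above
 * mmap_base, i.e. inside the stack gap. */
int segments_above_mmap_base(const struct phdr *cmds, int nr, uint64_t mmap_base, int reserve_total)
{
    int first = -1;
    for (int i = 0; i < nr && first < 0; i++)
        if (cmds[i].p_type == PT_LOAD) first = i;
    if (first < 0) return 0;

    uint64_t reserve = reserve_total
        ? total_mapping_size(cmds, nr)
        : cmds[first].p_filesz + PAGEOFFSET(cmds[first].p_vaddr);
    uint64_t map_addr  = mmap_base - PAGEALIGN(reserve);
    uint64_t load_bias = map_addr - PAGESTART(cmds[first].p_vaddr);

    int above = 0;
    for (int i = 0; i < nr; i++) {
        if (cmds[i].p_type != PT_LOAD) continue;
        if (load_bias + cmds[i].p_vaddr + cmds[i].p_memsz > mmap_base) above++;
    }
    return above;
}

/* Read the program headers of a real ELF64 file (little-endian host assumed). */
int read_phdrs(const char *path, struct phdr *out, int max)
{
    unsigned char eh[64];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    if (fread(eh, 1, sizeof eh, f) != sizeof eh || memcmp(eh, "\x7f" "ELF", 4) != 0 || eh[4] != 2) {
        fclose(f); return -1;
    }
    uint64_t phoff; uint16_t phentsize, phnum;
    memcpy(&phoff, eh + 0x20, 8);        /* e_phoff */
    memcpy(&phentsize, eh + 0x36, 2);    /* e_phentsize */
    memcpy(&phnum, eh + 0x38, 2);        /* e_phnum */
    if (phentsize != sizeof(struct phdr) || phnum > max ||
        fseek(f, (long)phoff, SEEK_SET) != 0 ||
        fread(out, sizeof(struct phdr), phnum, f) != phnum) {
        fclose(f); return -1;
    }
    fclose(f);
    return phnum;
}

/* Constructed sample: a typical x86-64 PIE, text at vaddr 0, data/bss ~2 MiB higher. */
const struct phdr sample_pie[] = {
    { PT_LOAD, 5, 0x0,   0x0,      0x0,      0x1000, 0x1000, 0x200000 },
    { PT_LOAD, 6, 0xd80, 0x200d80, 0x200d80, 0x300,  0x400,  0x200000 },
};
const uint64_t sample_mmap_base = 0x7ffff7fff000ULL; /* constructed stack-gap boundary */

int main(int argc, char **argv)
{
    struct phdr buf[32];
    const struct phdr *ph = sample_pie;
    int nr = 2;
    if (argc > 1) {
        nr = read_phdrs(argv[1], buf, 32);
        if (nr < 0) { fprintf(stderr, "cannot parse %s\n", argv[1]); return 1; }
        ph = buf;
    }
    printf("PT_LOAD span: 0x%llx\n", (unsigned long long)total_mapping_size(ph, nr));
    printf("segments in stack gap, first-segment reservation: %d\n", segments_above_mmap_base(ph, nr, sample_mmap_base, 0));
    printf("segments in stack gap, whole-image reservation:   %d\n", segments_above_mmap_base(ph, nr, sample_mmap_base, 1));
    return 0;
}
```

With the constructed sample, reserving only the first segment leaves the data/bss segment above mmap_base; reserving the whole span keeps every segment below it. Passing a PIE path on the command line (for example a SUID binary on the host) runs the same check on its real program headers.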
Tags
linux cisa malware ransomware

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2024-09-09 00:00:00 UTC)
Proof of Concept Available
Yes (added 2022-10-16 23:08:16 UTC)
Used in Malware
Yes (added 2024-09-09 00:00:00 UTC)

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-09-09 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

sxlmnwb/CVE-2017-1000253

Type: github • Created: 2022-10-16 23:08:16 UTC • Stars: 2

Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation

RicterZ/PIE-Stack-Clash-CVE-2017-1000253

Type: github • Created: 2018-06-18 15:22:01 UTC • Stars: 5

Demo-ing CVE-2017-1000253 in a container

Timeline

  • CVE ID Reserved (October 03, 2017)

  • CVE Published to Public (October 04, 2017)

  • Proof of Concept Exploit Available (added 2022-10-16)

  • Exploit Used in Malware (2024-09-09)

  • Added to KEVIntel (2024-09-09)