CVE-2017-1000364

high

Description

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

References

https://www.suse.com/support/kb/doc/?id=7020973

https://www.suse.com/security/cve/CVE-2017-1000364/

https://www.exploit-db.com/exploits/45625/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us

https://kc.mcafee.com/corporate/index?page=content&id=SB10207

https://kc.mcafee.com/corporate/index?page=content&id=SB10205

https://access.redhat.com/security/cve/CVE-2017-1000364

https://access.redhat.com/errata/RHSA-2017:1712

https://access.redhat.com/errata/RHSA-2017:1647

https://access.redhat.com/errata/RHSA-2017:1616

https://access.redhat.com/errata/RHSA-2017:1567

https://access.redhat.com/errata/RHSA-2017:1491

https://access.redhat.com/errata/RHSA-2017:1490

https://access.redhat.com/errata/RHSA-2017:1489

https://access.redhat.com/errata/RHSA-2017:1488

https://access.redhat.com/errata/RHSA-2017:1487

https://access.redhat.com/errata/RHSA-2017:1486

https://access.redhat.com/errata/RHSA-2017:1485

https://access.redhat.com/errata/RHSA-2017:1484

https://access.redhat.com/errata/RHSA-2017:1483

https://access.redhat.com/errata/RHSA-2017:1482

http://www.securitytracker.com/id/1038724

http://www.securityfocus.com/bid/99130

http://www.debian.org/security/2017/dsa-3886

Details

Source: Mitre, NVD

Published: 2017-06-19

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High