
[Vulnerability notice] CVE-2017-1000253: PIE/stack corruption vulnerability in Linux

Last Updated: Mar 12, 2018

On September 26, 2017, details of a Linux kernel vulnerability (CVE-2017-1000253) were published on the OSS-SEC mailing list. The vulnerability allows local elevation of privilege. The affected Linux distributors have released updates that fix it.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-1000253

Vulnerability name

Linux PIE/stack corruption vulnerability

Vulnerability rating

Important

Vulnerability description

In a Linux environment, when an application is compiled with the -pie option, the load_elf_binary() function allocates a memory block for the application but does not ensure that the block is large enough for it. As a result, the PT_LOAD segment can extend beyond mm->mmap_base. In an x86_64 environment, if the overflow exceeds 128 MB, the program stack is overwritten, which may lead to elevation of privilege.

Condition and method of exploitation

Local elevation of privilege

Affected scope

  • All CentOS 7 versions released before September 13, 2017 (prior to release 1708)
  • All Red Hat Enterprise Linux 7 versions released before August 1, 2017 (prior to release 7.4)
  • All CentOS 6 and Red Hat Enterprise Linux 6 versions

Vulnerability detection

Development personnel should check whether the Linux kernel version in use is affected by this vulnerability.
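One way to script this check, as an added example that is not part of the original notice: it classifies a `uname -r` style release string against the fixed kernel 3.10.0-693 and the affected scope listed above. The function names, verdict strings, and sample release strings are constructed for illustration, and the `.el6`/`.el7` suffix matching assumes the vendor's standard kernel naming.

```shell
#!/bin/sh
# Added example: classify kernel release strings for CVE-2017-1000253.
FIXED_EL7="3.10.0-693"   # fixed kernel recommended in this notice

# version_ge A B: succeed if A >= B, comparing numeric fields split on '.' and '-'.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing fields count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# classify_kernel RELEASE: print a verdict; exit 0 = fixed, 1 = affected, 2 = unknown.
classify_kernel() {
    rel=$1
    case $rel in
        *.el6*)
            # The notice lists all CentOS 6 / RHEL 6 versions as affected and gives
            # no fixed el6 build, so none is assumed here.
            echo "affected-el6"; return 1 ;;
        *.el7*)
            ver=${rel%%.el7*}   # 3.10.0-514.26.2.el7.x86_64 -> 3.10.0-514.26.2
            if version_ge "$ver" "$FIXED_EL7"; then
                echo "fixed"; return 0
            fi
            echo "affected-el7"; return 1 ;;
        *)
            echo "unknown"; return 2 ;;   # not an el6/el7 kernel string
    esac
}

# Constructed sample release strings; on a real host pass "$(uname -r)" instead.
for r in 3.10.0-514.26.2.el7.x86_64 3.10.0-693.el7.x86_64 \
         2.6.32-696.el6.x86_64 4.15.0-20-generic; do
    printf '%s -> %s\n' "$r" "$(classify_kernel "$r")"
done
```

`uname -r` reports the running kernel, so a host that has installed the update but has not rebooted into it is still classified as affected.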

How to fix or mitigate

Major vendors have released Linux kernel patches for this vulnerability. We recommend that you upgrade the Linux kernel to version 3.10.0-693 or later.

Note: Before upgrading the Linux kernel, back up data by using snapshots or remote backup to prevent data loss in case of exceptions during the upgrade.

Reference

[1]. http://seclists.org/oss-sec/2017/q3/541
[2]. http://www.openwall.com/lists/oss-security/2017/09/26/16
[3]. https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
