CVE-2017-1000253
Summary
| CVE | CVE-2017-1000253 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-05 01:29:00 UTC |
| Updated | 2023-01-17 21:04:00 UTC |
| Description | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary. |
Risk And Classification
EPSS: 0.541940000 probability, percentile 0.980000000 (date 2026-04-01)
CISA KEV: Listed on 2024-09-09; due 2024-09-30; ransomware use Known
Problem Types: CWE-119
CISA Known Exploited Vulnerability
| Vendor | Linux |
|---|---|
| Product | Kernel |
| Name | Linux Kernel PIE Stack Buffer Corruption Vulnerability |
| Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Notes | This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86; https://nvd.nist.gov/vuln/detail/CVE-2017-1000253 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Centos | Centos | 6.0 | All | All | All |
| Operating System | Centos | Centos | 6.1 | All | All | All |
| Operating System | Centos | Centos | 6.2 | All | All | All |
| Operating System | Centos | Centos | 6.3 | All | All | All |
| Operating System | Centos | Centos | 6.4 | All | All | All |
| Operating System | Centos | Centos | 6.5 | All | All | All |
| Operating System | Centos | Centos | 6.6 | All | All | All |
| Operating System | Centos | Centos | 6.7 | All | All | All |
| Operating System | Centos | Centos | 6.8 | All | All | All |
| Operating System | Centos | Centos | 6.9 | All | All | All |
| Operating System | Centos | Centos | 7.1406 | All | All | All |
| Operating System | Centos | Centos | 7.1503 | All | All | All |
| Operating System | Centos | Centos | 7.1511 | All | All | All |
| Operating System | Centos | Centos | 7.1611 | All | All | All |
| Operating System | Centos | Centos | 6.0 | All | All | All |
| Operating System | Centos | Centos | 6.1 | All | All | All |
| Operating System | Centos | Centos | 6.2 | All | All | All |
| Operating System | Centos | Centos | 6.3 | All | All | All |
| Operating System | Centos | Centos | 6.4 | All | All | All |
| Operating System | Centos | Centos | 6.5 | All | All | All |
| Operating System | Centos | Centos | 6.6 | All | All | All |
| Operating System | Centos | Centos | 6.7 | All | All | All |
| Operating System | Centos | Centos | 6.8 | All | All | All |
| Operating System | Centos | Centos | 6.9 | All | All | All |
| Operating System | Centos | Centos | 7.1406 | All | All | All |
| Operating System | Centos | Centos | 7.1503 | All | All | All |
| Operating System | Centos | Centos | 7.1511 | All | All | All |
| Operating System | Centos | Centos | 7.1611 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.8 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.9 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.8 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.9 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt | MISC | www.qualys.com | Patch, Third Party Advisory |
| Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 671064 EulerOS Security Update for kernel (EulerOS-SA-2019-2599)