CVE-2017-1000364
Summary
| CVE | CVE-2017-1000364 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-19 16:29:00 UTC |
| Updated | 2018-10-18 10:29:00 UTC |
| Description | An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE-2017-1000364 | SUSE | CONFIRM | www.suse.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| McAfee Corporate KB - McAfee Security Bulletin - Web Gateway update fixes vulnerabilities CVE-2012-6706, CVE-2017-1000364, CVE-2017-1000366, and CVE-2017-1000368 SB10205 | CONFIRM | kc.mcafee.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| SUSE products and a new security bug class referred to as "Stack Clash". | Support | SUSE | CONFIRM | www.suse.com | Third Party Advisory |
| Document Display | HPE Support Center | CONFIRM | support.hpe.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE-2017-1000364 - Red Hat Customer Portal | CONFIRM | access.redhat.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Debian -- Security Information -- DSA-3886-1 linux | DEBIAN | www.debian.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Linux Kernel CVE-2017-1000364 Local Memory Corruption Vulnerability | BID | www.securityfocus.com | Issue Tracking, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| McAfee Security Bulletin - Threat Intelligence Exchange Server 2.1.0 Hotfix 1 update fixes Kernel related vulnerability and possible cross-site scripting attack (CVE-2017-1000364 and CVE-2017-3907) | CONFIRM | kc.mcafee.com | |
| Solaris - RSH Stack Clash Privilege Escalation (Metasploit) - Solaris local Exploit | EXPLOIT-DB | www.exploit-db.com | |
| www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | MISC | www.qualys.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Linux Kernel Small Stack Guard Page Lets Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.