CVE-2017-1000370 : The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed wit

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.

Published 2017-06-19 16:29:00

Updated 2023-01-17 21:03:47

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2017-1000370

Top countries where our scanners detected CVE-2017-1000370

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2017-1000370 2,030

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-1000370!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-1000370

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-1000370

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-1000370

http://www.debian.org/security/2017/dsa-3981

Debian -- Security Information -- DSA-3981-1 linux
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/99149

Linux Kernel CVE-2017-1000370 Local Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://access.redhat.com/security/cve/CVE-2017-1000370

CVE-2017-1000370 - Red Hat Customer Portal
Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/42273/

Linux Kernel - 'offset2lib' Stack Clash
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.exploit-db.com/exploits/42274/

Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2017-1000370

Linux » Linux Kernel
Versions from including (>=) 4.12 and before (<) 4.12.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.1 and before (<) 4.1.43
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.2 and before (<) 4.4.78
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.11.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.39
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-1000370

Threat overview for CVE-2017-1000370

Exploit prediction scoring system (EPSS) score for CVE-2017-1000370

CVSS scores for CVE-2017-1000370

References for CVE-2017-1000370

Products affected by CVE-2017-1000370