
Privilege Escalation Vulnerability in Linux Kernel

 

Systems Affected


Linux Kernel 3.6 (.0, .1)
Linux Kernel 3.7 (.0, .1, .2, .3, .4, .5, .6, .7, .8)
Linux Kernel 3.8 (.0, .1, .2, .3, .4, .5, .6, .7)
Linux Kernel 3.9 (Base, .1, .2, .3, .4, .5, .6)
Linux Kernel 3.10 (.0)
Red Hat Enterprise Linux Server - Extended Update Support 7.2 x86_64
Red Hat Enterprise Linux Server - AUS 7.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.2 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2 ppc64le
Red Hat Enterprise Linux Server - TUS 7.2 x86_64
Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.2 x86_64
CentOS 7 before 1708
All versions of CentOS 6

Threat Level


High


Overview


A vulnerability has been reported in the Linux kernel which could be exploited by a local attacker to gain elevated privileges on a targeted system.


Description


The vulnerability exists due to improper loading of Executable and Linkable Format (ELF) executables by the affected software. An unprivileged local attacker could exploit this vulnerability to cause memory corruption.

Successful exploitation of this vulnerability could allow an unprivileged local attacker with access to a SUID (or otherwise privileged) Position Independent Executable (PIE) binary to escalate their privileges on the targeted system.
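
To prioritise patching, an administrator can inventory which hosts carry the SUID or SGID PIE binaries described above. The following script is an added example, not part of the original advisory; the default directory list is an assumption, and the ET_DYN check is a heuristic, since ET_DYN also covers shared objects.

```python
import os
import stat
import struct
import sys

ET_DYN = 3  # ELF e_type used by position-independent executables (and shared objects)


def elf_type(header: bytes):
    """Return e_type from the first 18 bytes of an ELF file, or None if not ELF."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return None
    # EI_DATA (byte 5): 1 = little endian, 2 = big endian (e.g. s390x, ppc64).
    order = {1: "<", 2: ">"}.get(header[5])
    if order is None:
        return None
    return struct.unpack_from(order + "H", header, 16)[0]


def is_privileged_pie(mode: int, header: bytes) -> bool:
    """True for a regular file with the SUID or SGID bit whose ELF type is ET_DYN."""
    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
        return False
    return elf_type(header) == ET_DYN


def scan(roots):
    """Walk the given directories and return sorted paths of SUID/SGID PIE binaries."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
                    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
                        continue  # only privileged regular files are opened
                    with open(path, "rb") as fh:
                        header = fh.read(18)
                except OSError:
                    continue  # unreadable or vanished file
                if is_privileged_pie(mode, header):
                    hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Default directories are an assumption; pass your own as arguments.
    for hit in scan(sys.argv[1:] or ["/usr/bin", "/usr/sbin", "/bin", "/sbin"]):
        print(hit)
```

Run it as root so that every privileged binary is readable; hosts that report results and run an affected kernel are the first candidates for the patch.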


Impact



Solution/Workarounds


Apply the appropriate patch, available at the link below:

https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86


References


http://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2017-0147


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.